Last active
December 16, 2019 12:23
-
-
Save jult/1b59ab02d4fefe26bb889f1f20fc798d to your computer and use it in GitHub Desktop.
[NGINX] Redirect all hostnames and requests from http to https serverwide
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # To have port 80 requests go to their 443 equivalents for an entire webserver, put this file in /etc/nginx/conf.d/ | |
| # Note that to specify the catch-all name or default server you | |
| # need to use the *listen* directive, not the server_name directive! | |
| # See also https://nginx.org/en/docs/http/request_processing.html | |
| # | |
| # - $host catches subdomain names. | |
| # - 307 and 308 include both POST and GET request URIs. | |
| # - 307 is Temporary, change to the Permanent 308 after thorough testing: # return 308 https://$host$request_uri; | |
| server { | |
| listen 80 default; | |
| listen [::]:80 default; | |
| return 307 https://$host$request_uri; | |
| } |
Securely dropping the silly www. for better SEO:
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name www.domain.tld;
include /etc/nginx/TLS;
return 308 https://domain.tld$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.tld;
include /etc/nginx/TLS;
root /srv/domain.tld;
[..your server stuff..]
}
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
For secure nginx TLS config (giving an A+ rating on Qualys' SSLlabs) -> https://gist.github.com/jult/395ad9fd3e9773a54a67aaf689beab27 (on my systems this is /etc/nginx/TLS )