In this article, I will explain how we can redirect HTTP traffic to HTTPS using Nginx's reverse proxy.

Ideally, you'll need an SSL certificate that has been validated by a CA (or Certificate Authority) in order for this to work.

Nginx is a free, open-source, high-performance HTTP server and reverse proxy, as well as an IMAP/POP3 proxy server. NGINX uses a very small memory footprint, in comparison with Apache and scales in all directions.

The example below will presume that you have a web server up and running on port 80

But first, we will need to access our config file. If you are using Ubuntu or any other linux distro, you'll most likely find this under /etc, providing you have nginx installed on your server.

I will be accessing the config file using vi shell editor:

sudo vi /etc/nginx/sites-available/default

Upon opening the file, your config may well look something like this:

server {

  listen 80;
  server_name www.example.com example.com;

  location / {

      proxy_pass http://localhost:8000;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection 'upgrade';
      proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
  }

}

Create our new server block for port 443:

server {

      listen 443 ssl http2;

      listen [::]:443 ssl http2;

      server_name www.example.com example.com;

      ssl_certificate /your/path/to/certificate.crt;

      ssl_certificate_key /your/path/to/certificate.key;

    }


As a sweetener, we'll be adding some extra directives to optimise HTTPS by specifying what cipher suites we will be using (credit to Bjorn Johansen's "Optimizing HTTPS on Nginx" for this solution)

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

ssl_session_cache shared:SSL:20m;

ssl_session_timeout 60m;

ssl_prefer_server_ciphers on;

add_header Strict-Transport-Security "max-age=31536000" always;

Our config should now be looking something like this:

server {
  listen 80;

  listen [::]:80 default_server;

  server_name www.example.com example.com;

  return 301 https://$host$request_uri;

}

server {

  listen 443 ssl http2;

  listen [::]:443 ssl http2;

  server_name www.example.com example.com;

  ssl_certificate /your/path/to/certificate.crt;

  ssl_certificate_key /your/path/to/certificate.key;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

  ssl_session_cache shared:SSL:20m;

  ssl_session_timeout 60m;

  ssl_prefer_server_ciphers on;

  add_header Strict-Transport-Security "max-age=31536000" always;

}

A foolproof way to redirecting port 80 traffic to 443 using NGINX reverse proxy

Luis Middleton

A guide to redirecting HTTP to HTTPS in Nginx

A bit about Nginx