Last updated: July 8, 2024
In this tutorial, we’ll explore properly redirecting HTTP to HTTPS domains using Nginx. Securing our website with HTTPS protects user data and improves search engine rankings.
We’ll also discuss how to handle reverse proxy HTTPS to HTTP scheme redirects in Nginx.
Redirecting HTTP to HTTPS ensures that all traffic between the server and clients is encrypted using Transport Layer Security (TLS), enhancing the overall security of data transmission. This encryption helps protect sensitive information such as login credentials, personal data, and payment details from being intercepted by malicious actors.
By securing the communication channel, HTTPS prevents man-in-the-middle attacks where an attacker might try to eavesdrop or alter the communication between the client and the server. Furthermore, it ensures data integrity by guaranteeing that the data received by the client is exactly what the server sent, without any modifications.
Search engines like Google also prefer HTTPS over HTTP, which can improve our website’s SEO rankings. Google has clarified in its policies that HTTPS is a ranking signal, meaning that websites using HTTPS are more likely to rank higher in search results than their non-secure counterparts.
This preference should encourage us to adopt HTTPS to secure our sites and gain better visibility and traffic from search engines. Additionally, users are more likely to trust and engage with websites that display the secure padlock icon, leading to improved user experience and potentially higher conversion rates.
In this article, we cover two setups: the HTTP to HTTPS redirect and the reverse proxy configuration. Let’s explore the basic architecture design.
Below is a flowchart representing the basic setup for redirecting HTTP traffic to HTTPS using Nginx:
        +-------------+
        |   Client    |
        +-------------+
               |
               v
    +---------------------+
    |    Nginx Server     |
    | (Listen on Port 80) |
    +---------------------+
               |
               v
+-----------------------------+
| Redirect to HTTPS (Port 443)|
+-----------------------------+
               |
               v
    +---------------------+
    |    Nginx Server     |
    | (Listen on Port 443)|
    +---------------------+
               |
               v
+-----------------------------+
| Serve HTTPS Content Securely|
+-----------------------------+
In this setup:
In the following sections, we’ll also explore the reverse proxy HTTPS to HTTP setup. First, here’s a flowchart of the setup in which Nginx, acting as a reverse proxy, accepts HTTPS and forwards requests to the backend over HTTP:
         +-------------+
         |   Client    |
         +-------------+
                |
                v
     +---------------------+
     |    Nginx Server     |
     | (Listen on Port 443)|
     +---------------------+
                |
                v
 +-----------------------------+
 | Forward to Backend Server   |
 |       (HTTP, Port 80)       |
 +-----------------------------+
                |
                v
  +---------------------------+
  | Backend Application Server|
  |    (Listen on Port 80)    |
  +---------------------------+
                |
                v
+-------------------------------+
| Serve HTTP Content (Internal) |
+-------------------------------+
In this setup:
Now that we know the basic examples, let’s dive into the configuration code snippets.
Redirecting HTTP to HTTPS is a fundamental step in securing web traffic. In this section, we’ll cover the steps to configure Nginx to perform this redirection and then look at a more comprehensive setup that includes SSL configuration.
First, we need to modify our Nginx configuration file to redirect HTTP to HTTPS. Here’s a simple example:
    server {
        listen 80;
        server_name yourdomain.com www.yourdomain.com;
        # Permanent redirect to the same host and URI over HTTPS
        return 301 https://$host$request_uri;
    }
In this configuration:
This simple configuration works for most basic cases, such as static websites. Sometimes, we might need to handle additional security, which we cover below.
Here’s a more comprehensive example that includes the SSL certificate handling:
    # Plain HTTP: redirect everything to HTTPS
    server {
        listen 80;
        server_name yourdomain.com www.yourdomain.com;
        return 301 https://$host$request_uri;
    }

    # HTTPS: serve the site
    server {
        listen 443 ssl;
        server_name yourdomain.com www.yourdomain.com;

        # Certificate and private key for the site
        ssl_certificate /etc/nginx/ssl/yourdomain.com.crt;
        ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;

        # Allow only TLS 1.2 and 1.3; exclude anonymous and MD5-based cipher suites
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            root /var/www/yourdomain.com;
            index index.html index.htm;
        }
    }
In this configuration, the first server block handles HTTP requests and redirects them to HTTPS, while the second server block listens on port 443 for HTTPS traffic and includes SSL certificate and key configurations.
When Nginx is used as a reverse proxy, we might need to handle redirects from HTTPS to HTTP. Here’s how we can configure Nginx for such scenarios:
Let’s first check the basic HTTPS to HTTP configuration:
    server {
        listen 443 ssl;
        server_name yourdomain.com;

        ssl_certificate /etc/nginx/ssl/yourdomain.com.crt;
        ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            # backend_server must resolve, e.g. as an upstream block or a hostname
            proxy_pass http://backend_server;
            # Pass the original host, client address and scheme to the backend
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
        }
    }
In this configuration, proxy_pass http://backend_server forwards requests to the backend server, while proxy_set_header directives set the appropriate headers for the proxied request.
A more advanced case arises when the backend server itself sends HTTP redirects. Then, we need to rewrite them back to HTTPS using the following config:
    server {
        listen 443 ssl;
        server_name yourdomain.com;

        ssl_certificate /etc/nginx/ssl/yourdomain.com.crt;
        ssl_certificate_key /etc/nginx/ssl/yourdomain.com.key;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers HIGH:!aNULL:!MD5;

        location / {
            proxy_pass http://backend_server;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto https;
            # Rewrite http:// redirects issued by the backend to https://
            proxy_redirect http:// https://;
        }
    }
The most important part of the configuration snippet above is the proxy_redirect http:// https://; directive that rewrites HTTP redirects from the backend server to HTTPS.
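After reloading Nginx, we can check both setups by auditing the redirect responses: the port 80 redirect from the first configuration, and redirects passed through the port 443 proxy from the last one. The script below is an added example, not part of the original tutorial; the function names and the sample responses are assumptions made for illustration.

```python
# Added example: audit redirect responses for both setups (names are assumptions).
import http.client
from urllib.parse import urlsplit

REDIRECTS = (301, 302, 303, 307, 308)

def fetch(host, uri="/", port=80, tls=False):
    """One GET, redirects not followed; returns (status, Location or None)."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, port, timeout=5)
    try:
        conn.request("GET", uri)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def audit_http_redirect(status, location, uri, allowed_hosts):
    """Port 80 should answer like 'return 301 https://$host$request_uri;'."""
    findings = []
    if status != 301:
        findings.append(f"status {status}, expected 301")
    if not location:
        return findings + ["no Location header"]
    loc, want = urlsplit(location), urlsplit(uri)
    if loc.scheme != "https":
        findings.append(f"Location scheme is {loc.scheme!r}, not https")
    if loc.hostname not in allowed_hosts:
        findings.append(f"Location host {loc.hostname!r} is not a configured name")
    if (loc.path or "/", loc.query) != (want.path or "/", want.query):
        findings.append("request path or query string not preserved")
    return findings

def audit_proxied_redirect(status, location):
    """Through the port-443 proxy, no redirect may point back to plain HTTP."""
    if status in REDIRECTS and location and urlsplit(location).scheme == "http":
        return [f"redirect leaves HTTPS: {location}"]
    return []

if __name__ == "__main__":
    hosts = {"yourdomain.com", "www.yourdomain.com"}
    # Constructed sample responses, not captured from a real server.
    print(audit_http_redirect(301, "https://yourdomain.com/a?b=1", "/a?b=1", hosts))
    print(audit_http_redirect(302, "http://yourdomain.com/", "/a?b=1", hosts))
    print(audit_proxied_redirect(302, "http://yourdomain.com/login"))
    # Live use: audit_http_redirect(*fetch("yourdomain.com", "/a?b=1"), "/a?b=1", hosts)
```

An empty list means the response passed; each string in a non-empty list names one deviation from the expected redirect.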
In this article, we discussed how to properly redirect HTTP to HTTPS using Nginx, including handling non-WWW to WWW redirections. We also covered how to handle reverse proxy scenarios where HTTPS is used on the front end and HTTP on the back end.
Implementing these configurations ensures secure and seamless user experiences, protects data integrity, and improves our website’s SEO.