Nginx HTTP redirect to HTTPS

Question

The entire site uses HTTPS, and only port 443 is open. However, it will be inaccessible when using http request, and the https protocol header must be added manually.

Is there any way to redirect http requests on port 80 to 443 to use https?

仅有的幸福 · Answer

If you don’t have nginx, install it. If you want to enable http2, the version must be above 1.90, then configure port 443 first, and finally forward the http 80 port request to 443. For complete configuration, please refer to the configuration of my blog below:

#设置非安全连接永久跳转到安全连接
server{
    listen 80;
    server_name m2mbob.cn;
    #告诉浏览器有效期内只准用 https 访问
    add_header Strict-Transport-Security max-age=15768000;
    #永久重定向到 https 站点
    return 301 https://$server_name$request_uri;
}

server {
    #启用 https, 使用 http/2 协议, nginx 1.9.11 启用 http/2 会有bug, 已在 1.9.12 版本中修复.
    listen 443 ssl http2 fastopen=3 reuseport;
    server_name m2mbob.cn www.m2mbob.cn;
    #告诉浏览器不要猜测mime类型
    add_header X-Content-Type-Options nosniff;

    ssl on;
    #证书路径
    ssl_certificate 证书路径;
    #私钥路径
    ssl_certificate_key 私钥路径;
    #安全链接可选的加密协议
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    #可选的加密算法,顺序很重要,越靠前的优先级越高.
    ssl_ciphers 'CHACHA20:EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH:ECDHE-RSA-AES128-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA128:DHE-RSA-AES128-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-GCM-SHA128:ECDHE-RSA-AES128-SHA384:ECDHE-RSA-AES128-SHA128:ECDHE-RSA-AES128-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA128:DHE-RSA-AES128-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA384:AES128-GCM-SHA128:AES128-SHA128:AES128-SHA128:AES128-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4;';
    #在 SSLv3 或 TLSv1 握手过程一般使用客户端的首选算法,如果启用下面的配置,则会使用服务器端的首选算法.
    ssl_prefer_server_ciphers on;
    #储存SSL会话的缓存类型和大小
    ssl_session_cache shared:SSL:10m;
    #缓存有效期
    ssl_session_timeout 60m;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host      $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass         http://127.0.0.1:2368;
    }
}

给我你的怀抱 · Answer

The first plan>

    配置2个监听文件,一个80端口负责http,一个443端口负责https

Second plan>

server {
            listen 80 default;
            listen 443 ssl;
            server_name test.com;
            root /var/www/html;
            ssl_certificate /usr/local/Tengine/sslcrt/test.com.crt;
            ssl_certificate_key /usr/local/Tengine/sslcrt/test.com.key;
        }