Best way to redirect all HTTP requests to HTTPS with Nginx

Alex Kondratiev


Today, security matters more than ever for websites. In the past, system admins only worried about setting up HTTPS for sites that dealt with credit card information. But as more websites handle sensitive personal information like emails and locations, the need for secure communication between websites and users has increased. Also, Google uses HTTPS as a ranking factor. So you should address "Your connection is not secure" and "HTTP redirect not working" issues as soon as possible.


What is HTTPS?

HTTPS stands for Hypertext Transfer Protocol Secure. It is HTTP with security added. HTTPS can use the SSL or TLS protocol, and the two names are often used interchangeably. They encrypt data that travels between users' web browsers and websites.

HTTPS secures communications and makes it harder for hackers and cybercriminals to steal information.

What Do You Need?

To set up HTTPS on NGINX, you will need to know which protocols and ciphers you want to support. You will also need a certificate issued by a trusted third-party certificate authority, together with its corresponding private key.

When it comes to transport security protocols, only TLS 1.2 and TLS 1.3 are relevant today. Older protocols such as SSL 2.0, SSL 3.0, TLS 1.0, and TLS 1.1 are deprecated and should never be enabled due to serious security vulnerabilities. TLS 1.3 is now the modern standard, offering faster handshakes and stronger encryption.

All major browsers and clients support TLS 1.3, and TLS 1.2 remains widely compatible for legacy systems. You can safely disable everything below TLS 1.2 without affecting legitimate traffic. Cipher suites can still be customized, but the default configurations in NGINX (or your OS’s SSL library) already provide secure, recommended settings aligned with current best practices.

The most important thing you need to set up HTTPS is a trusted certificate. Generally, you have to buy it from a Certificate Authority (CA). Comodo, Symantec, GoDaddy, IdenTrust, and DigiCert are some of the well-known CAs.

Configuring HTTPS on NGINX

For setting up HTTPS, add the following to your config file:

nginx

server {
    # On nginx 1.25.1 and later, the http2 listen parameter is deprecated
    # in favour of a separate "http2 on;" directive.
    listen 443 ssl http2;
    server_name www.example.com;

    ## SSL certificates
    ssl_certificate /path/to/fullchain.pem;
    ssl_certificate_key /path/to/privkey.pem;

    ## TLS configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off; # Not needed for TLS 1.3 (ciphers are chosen automatically)

    ## Strong and modern cipher suites for TLS 1.2 (one colon-separated string, no line breaks)
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256';
}

Of course, /path/to/fullchain.pem (certificate chain) and /path/to/privkey.pem (private key) should point to the files in your own environment.

NGINX redirect: HTTP to HTTPS

The next step is to redirect your HTTP traffic to HTTPS. You can follow two methods:

Redirect All HTTP traffic

You can redirect all traffic on HTTP (port 80) to the HTTPS version of your site. You can use the following configuration:

nginx

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

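The return 301 directive answers a request for any hostname (this is the default server, with server_name _) with a permanent redirect to the HTTPS version of the requested URI. Because $host is taken from the request, the redirect target uses whatever hostname the client sent.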

Redirect only Specific Sites

It’s also possible to redirect only specific sites:

nginx

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

In the above case, on port 80 it will only perform a 301 redirect when the hostname is example.com. Also, the hostname is hardcoded for the redirect.
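To confirm that either redirect behaves as intended, the shell function below (an added example, not part of the original article) checks response headers, such as those printed by curl -sI, for a 301 whose Location is exactly the HTTPS URL you expect. The function names, the sample responses and the hostname other.invalid are constructed for illustration; the second sample shows what the catch-all $host redirect returns when the request carried a hostname you do not serve.

```shell
#!/bin/sh
# Added example: verify an HTTP-to-HTTPS redirect from its response headers.

# check_redirect EXPECTED_HOST REQUEST_URI
# Reads raw response headers (as printed by `curl -sI`) on stdin and returns 0
# only for a 301 whose Location is exactly https://EXPECTED_HOST + REQUEST_URI.
check_redirect() {
    expected="https://$1$2"
    headers=$(tr -d '\r')                 # header lines end in CRLF
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" {print $2; exit}')

    if [ "$status" != "301" ]; then
        echo "FAIL: status ${status:-none}, expected 301"; return 1
    fi
    case "$location" in
        "$expected") echo "OK: $location"; return 0 ;;
        https://*)   echo "FAIL: redirects to $location, expected $expected"; return 1 ;;
        *)           echo "FAIL: Location is not HTTPS: ${location:-missing}"; return 1 ;;
    esac
}

# probe SERVER HOST_HEADER URI: live check against your own server
# (needs curl and network access; not exercised by the samples below).
probe() {
    curl -sI -H "Host: $2" "http://$1$3" | check_redirect "$2" "$3"
}

# Constructed sample responses (not captured from a real server).
sample_canonical() {   # hardcoded-hostname redirect, or $host with a served name
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://example.com/login?next=1\r\n\r\n'
}
sample_reflected() {   # catch-all $host redirect answering Host: other.invalid
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: nginx\r\nLocation: https://other.invalid/login?next=1\r\n\r\n'
}

sample_canonical | check_redirect example.com '/login?next=1' || true
sample_reflected | check_redirect example.com '/login?next=1' || true
```
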

Alex Kondratiev

Founder of ITsyndicate. DevOps Enthusiast with 15+ years of experience in cloud, Infrastructure as Code, Kubernetes, and automation. Specialized in architecting secure, scalable, and resilient systems.
