I have a couple of applications that I maintain at my work and noticed that some employees are able to use the non-secure paths to those applications such as: example.com, www.example.com. Using either of those paths will direct them to the HTTP path instead of HTTPS, unless they specify HTTPS in the URL. We currently use nginx as our gateway, but I did not do the initial configuration of our nginx gateway, so I don't really know what works and what doesn't.

Here is a snippet of our nginx.conf file:

server{
        listen  80 default_server;
        listen  [::]:80 default_server;
        server_name localhost;

        location / {
            proxy_pass http://localhost:3000;
        }
}

# Settings for a TLS enabled server.

    server {
        listen      443 ssl http2 default_server;
        listen      [::]:443 ssl http2 default_server;
        server_name     localhost;

        ssl_certificate "/etc/nginx/ssl/domain-crt.txt";
        ssl_certificate_key "/etc/nginx/ssl/domain-key.txt";
        ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

        ## More configuration below this...
    }

I tried doing a return in the listen 80 section but this did not work:

server{
        listen  80 default_server;
        listen  [::]:80 default_server;
        server_name localhost;
        return 301 https://$host$request_uri;

        location / {
            proxy_pass http://localhost:3000;
        }
}

I reloaded nginx with the corrections and I was still able to connect to the http paths without it redirecting to https. I don't know if this has something to do with the server_name being localhost because I've only seen examples online where they are redirecting to the actual domain name, but this is how our applications are set up and I don't know if changing that will have effects on the connectivity of our applications. If anyone has any ideas or suggestions on how I could get a redirect to work properly, that would be great. Thanks!

Michael

1 Answer

You're missing the semicolon at the end. Also, you should get rid of the proxy_pass, since that overrides the behavior.

server {
    listen  80 default_server;
    listen  [::]:80 default_server;
    server_name localhost;

    location / {
        return 301 https://$host$request_uri;
    }
}
flyx
  • Missing the semicolon might have just been a typo on this post, but I will try this way that you have suggested and see if that works. – Michael Jun 10 '20 at 15:36
  • I also suggest you check that no other configuration has `listen 80 default_server;`. More documentation can be found here: https://stackoverflow.com/questions/9454764/nginx-server-name-wildcard-or-catch-all – Yanis-git Jun 10 '20 at 15:39
  • So it looks like I was missing the semicolon. Putting the semicolon in and reloading nginx solved the issue. I'm going to accept your answer anyway because it might help someone out in the future. Thanks. – Michael Jun 10 '20 at 16:22
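
An added example, not part of the original question or answer: a small Python audit that reads nginx configuration text and reports, for every server block that listens without `ssl`, whether it contains a `return` to an `https://` URL and whether it still has a `proxy_pass`, plus any listen address marked `default_server` more than once (the check suggested in the comments). The parser is a simplification written for this example, and `SAMPLE` is constructed from the two port-80 blocks shown on this page.

```python
import re
from collections import Counter

# Constructed input: the question's original port-80 block plus the answer's block.
SAMPLE = """
server {
    listen 80 default_server;
    location / { proxy_pass http://localhost:3000; }
}
server {
    listen 80 default_server;
    location / { return 301 https://$host$request_uri; }
}
"""

def parse(text):
    """Simplified parser (assumption: no quoted braces): (name, args, children) tuples."""
    root, stack, words = [], [], []
    cur = root
    for tok in re.findall(r'"[^"]*"|[{};]|[^\s{};]+', re.sub(r'#.*', '', text)):
        if tok in ';{' and words:
            cur.append((words[0], words[1:], [] if tok == '{' else None))
            if tok == '{':
                stack.append(cur)
                cur = cur[-1][2]
            words = []
        elif tok == '}' and stack:
            cur = stack.pop()
        elif tok not in ';{}':
            words.append(tok)
    return root

def walk(nodes):
    for node in nodes:  # yield every directive at any nesting depth
        yield node
        yield from walk(node[2] or [])

def audit(text):
    """Report plaintext server blocks and listen addresses marked default more than once."""
    reports, defaults = [], Counter()
    servers = [b for n, _, b in walk(parse(text)) if n == 'server' and b is not None]
    for body in servers:
        listens = [a for n, a, _ in body if n == 'listen']
        defaults.update(a[0] for a in listens if 'default_server' in a)
        if not listens or any('ssl' not in a for a in listens):
            rets = [a for n, a, c in walk(body) if n == 'return' and c is None]
            reports.append({
                'redirects': any(a and a[-1].startswith('https://') for a in rets),
                'proxies': any(n == 'proxy_pass' for n, _, _ in walk(body))})
    return reports, sorted(k for k, v in defaults.items() if v > 1)
```

A `return` line with no terminating semicolon is read together with the following `location / {` as a block, so the audit does not count it as a redirect. Running `nginx -t` before a reload remains the authoritative syntax check.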