What is the best way to force all connections to use SSL?
if($scheme == ‘http’)…
redirect to https://
On Tue, Feb 8, 2011 at 5:05 PM, David J. [email protected] wrote:
What is the best way to force all connections to use SSL?
I use a separate server block like this:
server {
server_name example.com;
rewrite ^ https://example.com$request_uri? break;
}
On Tue, Feb 8, 2011 at 5:14 PM, David J. [email protected] wrote:
Wouldn’t that create an infinite loop?
The server block I described is listening on port 80, https means port
443. I can’t see how this would create a loop (and it never has on my
server, where I use this block of code for a few domains).
-Luit
Yes good point;
You are right; I forgot about that;
On 8 Fev 2011 16h14 WET, [email protected] wrote:
Wouldn’t that create an infinite loop?
No because they’re listening on different ports. No need for an
if. Use two server blocks as suggested.
The server block for port 80 always does a permanent redirect do the
the same server but listening on 443 with a SSL socket.
All the page processing happens at the server block for port 443.
server {
## This is to avoid the spurious if for sub-domain name
## rewriting. See Pitfalls and Common Mistakes | NGINX.
listen [::]:80;
server_name example.com;
rewrite ^ https://example.com$request_uri? permanent;
} # server domain rewrite.
server {
listen [::]:443 ssl;
server_name example.com;
(…)
}
— appa
Wouldn’t that create an infinite loop?
shouldnt that be wrapped in an if statement?
if($scheme == http){
rewrite ^ https://example.com$request_uri? break;
}