Using Nginx how do I redirect single URIs from http to https?

Question

Most transactions from the webapp are secured on their own but do not show the lock icon when transactions are happening in the browser. The goal is to have certain pages, like the login pages, be ssl encrypted and show the lock icon in the browser. An example would be http://www.domain.com/pro should be https but if you went to http://www.domain.com it would come in over http. We have a few URIs that would need to be redirected.

My first attempt was trying a rewrite:

rewrite ^/pro$ https://www.domain.com/pro

But that obviously causes a redirect loop so I tried to include the http portion.

rewrite ^http:*./pro$ https://www.domain.com/pro

This also did not work and resulted in a redirect loop as well. My only guess is that the regex in rewrite does not look at the header only the URI itself so it would start with www and not http.

I tried a few things using location instead of rewrite and this is where I'm stuck.

location /pro {
    if ( $scheme = http ){
        rewrite ^ https://www.domain.com/pro;
    }
}

With this in the configuration the rewrite happens but I get a 404 Not Found page from nginx. If I remove it but type in https://www.domain.com/pro then it loads fine. I feel that the location statement is catching the URI again but doesn't know what to do with it since the if statement is no longer true. I'm just not sure what else to include in the location block to get it to work.

So how can I get certain pages to switch from a http connection to a https connection?

score 3 · Accepted Answer · answered Sep 22 '11 at 18:30

3

HTTPS and normal HTTP will come in through different ports, so really what you want to do is just redirect any normal HTTP requests that you want to be served over HTTPS to HTTPS. So the following:

server {
  listen                      80;
  server_name                 _;

  location / {
    rewrite ^/(pro)$ https://$host/$1;
  }
}

... should not cause a redirect loop, because it is forwarding only on :80, and it is forwarding TO :443 (which is what HTTPS requests will come in as, by default).

answered Sep 22 '11 at 18:30

Remi

156
1
3
9

I had both 80 and 443 in the same server directive. Don't know why I didn't split it up sooner. Using the variables didn't work for me, it returned a 404 error. I had to explicitly say location /pro { rewrite ^ https://www.domain.com/pro } and do that for each URI I wanted to secure. Thanks – Manny T Sep 22 '11 at 19:56

Using Nginx how do I redirect single URIs from http to https?

1 Answers1

Linked