Redirect non-local connections to HTTPS in nginx

Question

I'm trying to force HTTPS on remote connections and forward all traffic that is not from the 192.168.0 net to https://$host$request_uri but allow access on local connections.

In apache2 I had

Order allow,deny
Allow from 192.168.0
Allow from 127
Deny from all

in the HTTP hosts' config and had to manually change to HTTPS after getting a 403.

Ideally I'd like to add some code to the HTTP section instead of into every server since I setup a lot of subdomains.

I already read the answers from this question and know I can add

return 301 https://$host$request_uri;

But then all traffic is forwarded. I only want to forward REMOTE connections. Mainly to reduce overhead on local connections.

score 0 · Accepted Answer · edited Apr 13 '17 at 12:14

0

I found a solution using the HttpGeoModule.

By adding (source)

geo $remote {
    default http;
    192.168.0.0/24 0;
    127.0.0.0/8 0;
}

to my http section and adding

if ($remote = $scheme) {
    return 301 https://$host$request_uri;
}

to my default-snippet I achieved what I wanted.

edited Apr 13 '17 at 12:14

Community

1

answered Sep 03 '13 at 13:50

jacob1123

121
1
4

Redirect non-local connections to HTTPS in nginx

1 Answers1