0

Sorry of the messy conf file. I have been trying everything, so it's become a mess. I want to enable SSL and redirect all traffic to https. Currently, with the below conf file, I can navigate to HTTP with no issues. HTTPS just redirects back to HTTP. If I uncomment line 5, then the browser simply says too many redirects. Any help is appreciated.

UPDATE: Based on the comment below, I updated the conf file. Same issue. The minute I add return 301 I get too many redirects error. 

    # Redirect all variations to https://www domain
server {
  listen 80;
  server_name name.com www.name.com;
 # return 301 https://www.name.com$request_uri;
}

server {
  listen 443 ssl;
  server_name name.com;

  ssl_certificate /etc/letsencrypt/live/name.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/name.com/privkey.pem;

  # Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

  # This is a cache for SSL connections
  ssl_session_cache shared:SSL:2m;
  ssl_session_timeout 60m;


 #return 301 https://www.name.com$request_uri;
}
ismail_1
  • 3
  • 1
user357151
  • 1
  • 1
  • 1

1 Answers1

4

You need two server blocks for redirection (as per below), then your main block that services actual requests (not included below as it depends on your application / usage). 

# Redirect all variations to https://www domain
server {
  listen 80;
  access_log  /var/log/nginx/example.access.log main buffer=128k flush=60 if=$log_ua;
  server_name example.com www.example.com;
  return 301 https://www.example.com$request_uri;
}

server {
  listen 443 ssl http2;
  server_name example.com;

  ssl_certificate /var/lib/acme/certs/xx/fullchain;
  ssl_certificate_key /var/lib/acme/certs/xx/privkey;

  access_log  /var/log/nginx/example.access.log main buffer=128k flush=60 if=$log_ua;

  # Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;
  ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

  # This is a cache for SSL connections
  ssl_session_cache shared:SSL:2m;
  ssl_session_timeout 60m;


  return 301 https://www.example.com$request_uri;
}
Tim
  • 30,383
  • 6
  • 47
  • 77