Nginx can not redirect HTTP to HTTPS in the proxy mode

Question

When I access with https protocol, it works. But I access with http protocol, it doesn't work at all.

My Nginx version is 1.12.1. Here is the config: /etc/nginx/sites-available/***:

server {
    listen 80;
    server_name ***;
    client_max_body_size 10240M;

    location / {
        proxy_pass http://localhost:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_cookie_path /guacamole/ /;
        access_log off;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/***/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/***/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

    if ($scheme != "https") {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

Please take a look at the firewall. This is probably a dupe of a thousand questions in the stackexchange network. — Marco, Sep 18 '17 at 16:44

score 3 · Accepted Answer · edited Sep 27 '17 at 10:14

3

I would turn on debug logs at nginx and trace what actually goes on when you try accessing your page using http.

I also wouldn't recommend using an IF-statement inside of nginx for what you are trying to achieve. Try breaking your virtual host for two server-sections:

server {
    listen 80;
    server_name ***;
    rewrite ^ https://***$uri permanent;
}
server {
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/***/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/***/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    server_name ***;
    client_max_body_size 10240M;

    location / {
        proxy_pass http://localhost:8080/guacamole/;
        proxy_buffering off;
        proxy_http_version 1.1;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_cookie_path /guacamole/ /;
        access_log off;
    }
}

edited Sep 27 '17 at 10:14

fishfree

5
1
3

answered Sep 18 '17 at 10:47

Tamerlan Abu

116
4

See also: [If is evil](https://www.nginx.com/resources/wiki/start/topics/depth/ifisevil/). – gxx Sep 18 '17 at 11:03
I tried you config, still failed. Edge browser still shows: INET_E_RESOURCE_NOT_FOUND. But I searched nothing helpful for my problem. Even I disabled ipv6 and reboot, the problem still exists. – fishfree Sep 18 '17 at 13:20
Is nginx running? Have you opened 80 and 443 ports at your firewall? – Tamerlan Abu Sep 19 '17 at 04:28
@TamerlanAbu OMG, you give me a so important tip! It turns out that the administrator shutdown 80 port using UFW, I don't know that. In fact, both my original config and yours are right! Thank you very much! – fishfree Sep 21 '17 at 06:26

Nginx can not redirect HTTP to HTTPS in the proxy mode

1 Answers1