Convert and Redirect Http to Https Using Nginx

Camilla Mo, in Technical Tips Tags: Nginx


Changing a website from HTTP to HTTPS is highly recommended. HTTPS will protect the data by encrypting it and ensure the contents between the user and the site cannot be read or forged by any third-party. Nginx is a powerful web server that you can use to convert HTTP to HTTPS. If you have no idea how to setup HTTPS in Nginx, follow instructions below.

Firstly, Install Nginx package from Nginx’s own repository. If you have installed it, skip this step.

1.
Setup the yum repository for RHEL/Centby creating a file “nginx.repo” in /etc/yum.repos.d, for example, using vi.
vi /etc/yum.repos.d/nginx.repo 









Paste the line below to the file then save it.
[nginx]
name=nginx repo
baseurl=http://nginx.org/packages/mainline/centos/7/$basearch/
gpgcheck=0
enabled=1

2. Install Nginx with yum package manager (-y allows automatic full installation.)
# yum install nginx -y
3. Start Nginx

# systemctl start nginx
4. Run the following command to check if Nginx starts successfully

# netstat -tulnp | grep 80

If it starts successfully,  you will see the 80 address as follows.




It is recommended that you set Nginx to start automatically when you start the computer:

# systemctl enable nginx
5. Visit your website and see if the Nginx is installed successfully. You will see the following message if it is installed successfully.



Secondly, obtain a SSL certificate and the private key

If you want, you can purchase a SSL certificate from a CA (Certifiicate Authority) like GoDaddy for your website. 

If not, follow steps below to generate a free certificate.

1. Install cerbot (-y allows automatic full installation)

Running the following two commands:

# yum install epel-release certbot -y
# yum install certbot -y


2. Obtain the certificate

Run the following command:

# certbot certonly


Enter the following information:

Select the  appropriate number: Type number “2” here.

Enter email address: Enter your email address here. (In my case, I entered support@drivereasy.com.)

(A) gree/(C)ancel: Type “A” here to agree the terms of service.

(Y)es/(N)o
: Type “Y” here to accept the request.

Please enter in your domain name:
Enter the domain name of your website here. (In my case, I entered www.howtofixes.com.)



After entering all required information, hit Enter. After that, you will see Congratulations under IMPORTANT NOTES.

3. Run the following command to check if the certificate and the key are generated successfully.

# ls /etc/letsencrypt/live/www.howtofixes.com


Thirdly, change the configuration

1. Nginx default configuration locates file “default.conf”. Run the following command to open the file then change the configuration.

# vi /etc/nginx/conf.d/default.conf

2. Copy and paste the following codes to the file. Note you need to replace the underline information with your information. Then save the file.

Replace “www.howfixes.com 149.56.97.243” with your website domain name and IP address.
Replace “/etc/letsencrypt/live/www.howtofixes.com/fullchain.pem” with the certificate you get.
Replace “/etc/letsencrypt/live/www.howtofixes.com/privkey.pem” with the private key you get.

server {
listen       80;
server_name  www.howtofixes.com 149.56.97.243;
return 301 https://$server_name$request_uri;
#charset koi8-r;

#access_log  logs/host.access.log  main;

location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
}
#error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
}
server {
    listen       443 ssl;
    server_name  localhost;
    ssl_certificate      /etc/letsencrypt/live/www.howtofixes.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/www.howtofixes.com/privkey.pem;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
    }
}

All http requests have been set to redirect to https (see return 301 https://$server_name$request_uri).

3. Run the following command to check if the configuration is changed correctly.

# nginx -t

If the configuration is changed correctly, you will get the following notes.



Fourthly, restart Nginx

# systemctl restart nginx


Then the last thing you need to do is visit your website to check if the address is changed to a https address.



Hope you can change your website from http to https successfully with the guide here.

Help Us Improve Article