Nginx For Beginners
Intermediate Config
Demo Configure URL Redirect
In this tutorial, you will learn how to enforce HTTPS by redirecting all HTTP requests (port 80) to HTTPS (port 443) using NGINX. We’ll demonstrate this on a simple diner app currently served over HTTP.
Note
Before you begin, ensure NGINX is installed and your TLS certificates (.pem and .key) are available in /etc/ssl/certs/.
1. Verify the Current Setup
- Open the diner app in your browser at
http://localhost. - Check your firewall rules:
root@ubuntu-host# ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
Port 443 is not yet allowed, so accessing HTTPS returns a 502 Gateway error:
- Allow HTTPS traffic:
root@ubuntu-host# ufw allow 443/tcp
root@ubuntu-host# ufw status
Status: active
To Action From
-- ------ ----
22/tcp ALLOW Anywhere
80/tcp ALLOW Anywhere
443/tcp ALLOW Anywhere
22/tcp (v6) ALLOW Anywhere (v6)
80/tcp (v6) ALLOW Anywhere (v6)
443/tcp (v6) ALLOW Anywhere (v6)
Your firewall now permits port 443, but NGINX isn’t listening there yet.
2. Review Existing NGINX Configuration
List enabled sites:
root@ubuntu-host# ls -l /etc/nginx/sites-enabled
total 4
lrwxrwxrwx 1 root root 32 Feb 7 00:51 diner -> /etc/nginx/sites-available/diner
Open /etc/nginx/sites-available/diner—it currently listens only on HTTP:
server {
listen 80;
server_name diner.com;
root /var/www/diner;
index index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file,
# then as directory, then return a 404.
try_files $uri $uri/ =404;
}
}
3. Create the HTTPS Configuration
Create (or edit) /etc/nginx/sites-available/diner-https with two server blocks:
server {
listen 80;
server_name diner.com;
# Redirect all HTTP requests to HTTPS
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name diner.com;
# SSL certificates (already present on the system)
ssl_certificate /etc/ssl/certs/diner.com.pem;
ssl_certificate_key /etc/ssl/certs/diner.com-key.pem;
root /var/www/diner;
index index.html index.htm index.nginx-debian.html;
location / {
# First attempt to serve request as file,
# then as directory, then return a 404.
try_files $uri $uri/ =404;
}
}
| Server Block | Purpose | Port |
|---|---|---|
| HTTP → HTTPS | Permanent redirect (301) to the same URI over TLS | 80 |
| HTTPS with SSL | Serves encrypted content using provided certificates | 443 |
4. Enable and Test the New Configuration
Disable the old site and enable the new one:
root@ubuntu-host# sudo rm /etc/nginx/sites-enabled/diner root@ubuntu-host# sudo ln -s \ /etc/nginx/sites-available/diner-https \ /etc/nginx/sites-enabled/diner-httpsTest NGINX syntax and reload:
root@ubuntu-host# nginx -t nginx: the configuration file /etc/nginx/nginx.conf syntax is ok nginx: configuration file /etc/nginx/nginx.conf test is successful root@ubuntu-host# nginx -s reload
Warning
If NGINX fails to reload, check for syntax errors in all files under /etc/nginx/ and confirm your certificate paths are correct.
Verify the redirect and HTTPS response:
HTTP → HTTPS redirect:
root@ubuntu-host# curl -I http://localhost HTTP/1.1 301 Moved Permanently Location: https://localhost/ Server: nginx/1.18.0 (Ubuntu)Serving content over HTTPS:
root@ubuntu-host# curl -I https://localhost --insecure HTTP/1.1 200 OK Server: nginx/1.18.0 (Ubuntu)
All HTTP requests on port 80 now automatically redirect to HTTPS on port 443, ensuring encrypted connections.
Links and References
Watch Video
Watch video content