Force Redirect From HTTP to HTTPs On A Custom Port in Nginx
5 March, 2021 by
Force Redirect From HTTP to HTTPs On A Custom Port in Nginx
Administrator

 

If you’re running an Nginx vhost on a custom port, with SSL enabled, browsing to the site without HTTPs will trigger the following Nginx error.

400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx

For instance, a vhost like this, running on a non-standard port :1234 with SSL enabled, will cause that error.

server {
  listen      1234 ssl;
  server_name your_site;
  ssl         on;
  ...
}

Redirecting HTTP to HTTPs the old-fashioned way

The classic way to force an HTTP to HTTPs redirection, is to have one vhost listen on port :80 and one on :443, and have the port :80 vhost redirect all traffic to the HTTPs version.

server {
  listen      80;
  server_name your.site.tld;
  
  # 301 = permanent redirect, 302 = temporary redirect
  return 301  https://your.site.tld$request_uri;
}

server {
  listen      443 ssl;
  server_name your.site.tld;
  ssl         on;
  ...
}

However, you can not use that trick if you’re running HTTPs/SSL on a custom port, as there is no “unsafe” port :80 that you can catch requests on to redirect them.

Forcing HTTPs redirects on non-standard ports

Nginx has created a custom HTTP status code to allow you to force a redirect for anyone browsing a vhost via HTTP to the HTTPs version, called 497. This is only needed if you’re running SSL on a custom port, since otherwise you can use the config shown above for redirecting.

To force the browser to redirect from HTTP to the HTTPs port, do the following.

server {
  listen      1234 ssl;
  server_name your.site.tld;
  ssl         on;
  ...
  error_page  497 https://$host:1234$request_uri;
  ...
}

Now, anyone reaching the site via the HTTP protocol will be redirect to the HTTPs version.