sample script nginx :
server
{
listen 443 default ssl;
listen [::]:443 ssl;
root /var/www/html/api_mobile/public;
include snippets/ssl-params.conf;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.html index.php index.htm index.nginx-debian.html;
server_name sitename.com;
charset utf-8;
location / {
if ($scheme ="http") {
# redirect all non api traffic to https block
return 301 https://$server_name$request_uri;
}
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
ssl_certificate /etc/letsencrypt/live/sites/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem; # managed by Certbot
}
point on scheme condition :
if ($scheme ="http")
{
# redirect all non api traffic to https block
return 301 https://$server_name$request_uri;
}
it core of redirect on one port 443 https force http to https
Top comments (1)
this code is not performant. so for each request nginx must check whether it is http or https. To have a high-performance code you must create 2 servers {}, one on port 80 which redirects to port 443 and the other server on port 443 where the site responds