Force Redirect From HTTP to HTTPs On A Custom Port in Nginx

Tired of the privacy invasion of the Chrome webbrowser? Worried about the risk of seeing ads everywhere? Give the Brave Browser a try. It supports all the same Chrome extensions, with none of the telemetry. It auto-blocks ads and helps support content creators like me.

Give the Brave browser a try »

Profile image of Mattias Geniar

Mattias Geniar, December 16, 2014

Follow me on Twitter as @mattiasgeniar

If you’re running an Nginx vhost on a custom port, with SSL enabled, browsing to the site without HTTPs will trigger the following Nginx error.

400 Bad Request
The plain HTTP request was sent to HTTPS port
nginx

For instance, a vhost like this, running on a non-standard port :1234 with SSL enabled, will cause that error.

server {
  listen      1234 ssl;
  server_name your_site;
  ssl         on;
  ...
}

Redirecting HTTP to HTTPs the old-fashioned way

The classic way to force an HTTP to HTTPs redirection, is to have one vhost listen on port :80 and one on :443, and have the port :80 vhost redirect all traffic to the HTTPs version.

server {
  listen      80;
  server_name your.site.tld;
  
  # 301 = permanent redirect, 302 = temporary redirect
  return 301  https://your.site.tld$request_uri;
}

server {
  listen      443 ssl;
  server_name your.site.tld;
  ssl         on;
  ...
}

However, you can not use that trick if you’re running HTTPs/SSL on a custom port, as there is no “unsafe” port :80 that you can catch requests on to redirect them.

Forcing HTTPs redirects on non-standard ports

Nginx has created a custom HTTP status code to allow you to force a redirect for anyone browsing a vhost via HTTP to the HTTPs version, called 497. This is only needed if you’re running SSL on a custom port, since otherwise you can use the config shown above for redirecting.

To force the browser to redirect from HTTP to the HTTPs port, do the following.

server {
  listen      1234 ssl;
  server_name your.site.tld;
  ssl         on;
  ...
  error_page  497 https://$host:1234$request_uri;
  ...
}

Now, anyone reaching the site via the HTTP protocol will be redirect to the HTTPs version.



Want to subscribe to the cron.weekly newsletter?

I write a weekly-ish newsletter on Linux, open source & webdevelopment called cron.weekly.

It features the latest news, guides & tutorials and new open source projects. You can sign up via email below.

No spam. Just some good, practical Linux & open source content.