If you’re running an Nginx vhost on a custom port, with SSL enabled, browsing to the site without HTTPs will trigger the following Nginx error.
400 Bad Request The plain HTTP request was sent to HTTPS port nginx
For instance, a vhost like this, running on a non-standard port :1234 with SSL enabled, will cause that error.
server {
listen 1234 ssl;
server_name your_site;
ssl on;
...
}
Redirecting HTTP to HTTPs the old-fashioned way
The classic way to force an HTTP to HTTPs redirection, is to have one vhost listen on port :80 and one on :443, and have the port :80 vhost redirect all traffic to the HTTPs version.
server {
listen 80;
server_name your.site.tld;
# 301 = permanent redirect, 302 = temporary redirect
return 301 https://your.site.tld$request_uri;
}
server {
listen 443 ssl;
server_name your.site.tld;
ssl on;
...
}
However, you can not use that trick if you’re running HTTPs/SSL on a custom port, as there is no “unsafe” port :80 that you can catch requests on to redirect them.
Forcing HTTPs redirects on non-standard ports
Nginx has created a custom HTTP status code to allow you to force a redirect for anyone browsing a vhost via HTTP to the HTTPs version, called 497. This is only needed if you’re running SSL on a custom port, since otherwise you can use the config shown above for redirecting.
To force the browser to redirect from HTTP to the HTTPs port, do the following.
server {
listen 1234 ssl;
server_name your.site.tld;
ssl on;
...
error_page 497 https://$host:1234$request_uri;
...
}
Now, anyone reaching the site via the HTTP protocol will be redirect to the HTTPs version.