I got my DigitalOcean server running nicely, but now I would like only SSL traffic to hit the site. I do not want anyone to be able to browse on port 80. If they do get to port 80, I would like it to redirect to 443.
I have set up SSL and it's working. Could someone please give me a detailed guide on how to update the config file to do as I described above?
I'm not an expert on nginx, so please be as detailed as possible.
Hi @hpema108, I’m glad you got sorted. I’m sorry, I should have mentioned to replace everything in the port 80 server block with the redirect I had given.
Just so you know, all ports listed in the nginx conf are totally independent of each other, and the only reason port 80 pages will look the same as port 443 (SSL, or TLS more correctly, is not using insecure security protocols) is because they have the same basic directives. Port 443 will have more because it needs to tell nginx where the security certs, keys, etc. are, and possibly what ciphers to use and in what order, so that it can serve pages through an encrypted connection. So when you are just doing a redirect, nginx doesn’t need to know anything about what to do when it receives a request on port 80 other than where to send the request, in this case to port 443. Any further configuration is useless, hence why you just have the redirect in this block.
You can host as many sites as you like on the same server. You can put everything in the same conf file; however, that’s messy. The better approach is to create a folder under /etc/nginx/sites-available/domain-name/ and place the conf file for that domain only in there. So you have one conf file per domain. When you are happy with the config, you then need to symlink the directory in sites-available to sites-enabled and reload nginx, or stop and start to be extra safe.
If you are using multiple SSL certs for multiple domains, then older browsers will likely throw a certificate error, as the older browsers can only serve the default SSL certificate. Newer browsers use a feature of TLS called SNI, which permits multiple certificates to be used on the same server. In any case, the older browsers that have issues with SNI are probably browsers that would fail anyway, as you should not be serving any browsers through SSL protocols and instead all requests should be served through TLS only, so in reality it’s unlikely to be an issue and you shouldn’t concern yourself with it.
You will need to ensure that the document root for all your sites has the appropriate permissions to allow nginx to access it.
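The redirect referred to in the reply is not reproduced in this thread. As an added example (not the reply author's original config), the layout described above could look like this, with `example.com`, the certificate paths and the document root as placeholder assumptions:

```nginx
# Per-domain conf file. example.com and all paths below are placeholders.

# Port 80: this block does nothing except redirect to HTTPS.
# No root, index or location directives are needed here.
server {
    listen 80;
    listen [::]:80;
    server_name example.com www.example.com;

    # Redirect to a fixed hostname rather than echoing the client's
    # Host header back into the Location header.
    return 301 https://example.com$request_uri;
}

# Port 443: the full site configuration lives here.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name example.com www.example.com;

    # Certificate and private key for this domain (placeholder paths).
    ssl_certificate     /etc/ssl/example.com/fullchain.pem;
    ssl_certificate_key /etc/ssl/example.com/privkey.pem;

    # TLS only; SSLv2/SSLv3 and early TLS versions are not offered.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Document root; the nginx worker user needs read access to it.
    root  /var/www/example.com/html;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Running `nginx -t` before reloading checks the file for syntax errors, so a mistake does not take the running site down.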