Turn off http access after https working

cshankey · November 3, 2016, 7:34am

I have successfully setup my site to use https and now when I type in the url www.mysite.org it correctly defaults to https and renders the site.
However, I am still able to get to my directly without ssl namely by going: http://xxx.xxx.xxx.xxx:8000.

The site is setup specifically to use port 80 after doing:
bench set-nginx-port www.mysite.org 80
but I not sure if that is the issue.

I would like to have the site have secure access only and not both secure and non-secure http.

Ranjith · November 3, 2016, 7:51am

Hi,
You have to redirect http traffic to https.
bench setup nginx should add this to nginx conf.
If not

http to https redirect

    server {
        listen 80;
            server_name yourorg.com;

        return 301 https://$host$request_uri?$query_string;
    }

add the above to nginx conf

hpema108 · November 3, 2016, 8:01am

@cshankey

you can check out https://frappe.github.io/frappe/user/en/bench/guides/lets-encrypt-ssl-setup.html

regards
Hemant