HTTP to HTTPS redirects in nginx done right


Rewriting the traffic from HTTP->HTTPS is a standard procedure these days. Mostly because of convenience, the HTTP port is still open.

As you can se below, there is a common pattern using the rewrite directive in nginx:

server {
    listen *:80;
    rewrite ^(.*) https://$host$1 permanent;

server {
    listen *:443;
    # The actual server configuration now
    root /var/www/;

This results in a HTTP Response with status code 301, pointing to the given URL in the second argument.

$host might not evaluate to a your desired host

$host is a valid

The regex must be processed

Regex parsing is quite expensive on the computing side. All this regex does is capturing the full Request URI. Why do you need to capture this, when you’ve got already the $request_uri variable pre-filled?


Use return

ACME (Letsencrypt) does not work