NGiNX SSL Setup and 301 Redirects


NGiNX SSL setup and 301 redirects, this is how is called our next tutorial where we will explain in just a few easy steps how to setup a SSL certificate on NGiNX and also how to force client browser to use HTTPS by managing all necessary 301 redirects served from HTTP protocol on port 80 to HTTPS protocol on port 443. The journey from a non-secured domain to a secured one is quite easy to implement with NGiNX and also very easy to maintain and renew in the future. This solution was tested using a CentOS 7 server but it can be easily applied for different operating systems and even with container solutions, NGiNX syntax in terms of SSL remains the same no matter of the deployment.

Table of contents

Main task
NGiNX 301 Redirects
NGiNX Main Server Configuration
NGiNX SSL Setup and Configuration
Test NGiNX 301 redirect to HTTPS

Main task

As we have said in the beginning our main goal with this tutorial is to make sure that all connection between two points, client and server in this case is it and stays a secure connection all the time. In our example we will be using a domain name called and we have to secure it using NGiNX so our visitors can say that their data is safely passed between their laptop for example and the server where our website is hosted. Having a secure site also helps in terms SEO, this being a very important factor nowadays but is a must to secure the data between Browser Client (visitors) and Website.

Below we have detailed a quick scenario of what redirects we need in place:      301     ->     301     ->          301     ->         200     [OK]


Assuming that we already have a SSL certificate issued for our domain name, NGiNX is installed and is running properly we can proceed to prepare the code needed for NGiNX. In this tutorial we will assume that we are editing directly the configuration file for that can be found on /etc/nginx/conf.d/ and also our SSL certificate PEM and KEY has been copied to /etc/nginx/ssl/.

NGiNX 301 Redirects

First thing on our list is to make sure that all requests from www being initiated via HTTP or HTTPS would be redirected to our non-www domain endpoint in a secure fashion using just a simple 301 return rule to enforce this. The code listed below will help us to achieve this so please use it as a reference by replacing only the domain name and also the paths for SSL files.

# Redirects for:
#    301     -> AND
#   301     ->

server {

    listen                    	 80;
    listen 			 [::]:80;
    listen 			 443 ssl http2;
    listen                       [::]:443 ssl http2;
    server_name       ;
    ssl                          on;
    ssl_certificate              /etc/nginx/ssl/;
    ssl_certificate_key          /etc/nginx/ssl/;
    ssl_dhparam                  /etc/ssl/certs/dhparam.pem;
    return                    	 301$request_uri;
    server_tokens 		 off;


In simple terms the above code basically says that any request initiated being or to be automatically redirected permanently (301) to including all leading URIs ($request_uri).

NGiNX Main Server Configuration

Here once again we have to deal with another 301 redirect but this time from only to which is actually our main goal with this tutorial.

# Server configuration

server {

    listen 			80;
    listen 			[::]:80;
    listen 			443 ssl http2;
    listen 			[::]:443 ssl http2;
    server_tokens 		off;

    if ($scheme = http) {

	   return 301$request_uri;


As you can see on this particular section we have added now a condition in place to perform the desired 301 redirect, shortly we are asking NGiNX to perform a redirect only if the request is coming via HTTP.

Please note that the server block code has not been enclosed using }, no worries this will be closed at the end of our next step.

NGiNX SSL Setup and Configuration

On this particular step we will be focusing on SSL configuration as we have already set up all 301 redirects needed for our domain name. Here we have a simple NGiNX configuration for SSL which give us the option to tweak the most important flags and values like SSL file location, protocols to be used, ciphers and many more.

    # SSL Setup

    ssl 			 on;
    ssl_certificate 		 /etc/nginx/ssl/;
    ssl_certificate_key 	 /etc/nginx/ssl/;
    ssl_dhparam 		 /etc/ssl/certs/dhparam.pem;
    ssl_session_timeout 	 1d;
    ssl_session_cache 		 shared:SSL:20m;
    ssl_session_tickets 	 off;
    ssl_protocols 		 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers 	 on;
    ssl_ecdh_curve 		 secp384r1;
    ssl_stapling 		 on;
    ssl_stapling_verify 	 on;
    resolver valid=300s;
    resolver_timeout 		 5s;

    # Headers

    add_header 			 Strict-Transport-Security "max-age=31536000; includeSubDomains; preload";
    add_header 			 X-Frame-Options DENY;
    add_header 			 X-Content-Type-Options nosniff;
    add_header 			 X-XSS-Protection "1; mode=block";

    # Below this line you can add your NGiNX config



Please make sure you adjust ssl_protocols and ssl_ciphers values for your specific user case, these two options can influence browser compatibility and usability.

If you don’t have already a SSL Certificate you can obtain on for free using Let’s Encrypt, more details about hot to get a free SSL certificate and also how to configure NGiNX with it can be found on our tutorial Secure NGiNX with Let’s Encrypt SSL on CentOS 7.

Having all these settings in place we can now save and close the configuration file before moving forward to our next step where we have to test our solution.

Test NGiNX 301 redirect to HTTPS

Before reloading or restarting NGiNX lets run a quick configuration test using the command listed below:

$ nginx -t

A successful output should look like this:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful


Once our configuration test is successfully passed then we can safely reload NGiNX, in this tutorial we will be using systemctl:

$ systemctl reload nginx.service


Knowing now that we have everything in place we can finally test our solution, we will be using curl in order to capture the header response from our NGiNX server.

$ curl -I -L

A successful output will look like this one listed below, meaning that our 301 redirect works as expected.

HTTP/1.1 301 Moved Permanently

HTTP/2 200

We can notice that 301 redirect from http://www. to https:// has been triggered and also our request has been enforced as well from HTTP/1.1 on port 80 to HTTP/2 on port 443.

Our short tutorial about NGiNX SSL Setup and 301 Redirects ends here, various approaches can be taken but we hope we showed you how easy is to set up 301 redirects with NGiNX.


No video posted for this page.


No screenshots posted for this page.

Source code

No code posted for this page.

About this page

NGiNX SSL Setup and 301 Redirects

Share this page

If you found this page useful please share it with your friends or colleagues.