Configuring Nginx and Apache to Redirect Port 80 to 443 with SSL
Introduction
This guide explains how to configure Nginx and Apache to:
- Open ports 80 (HTTP) and 443 (HTTPS).
- Redirect all HTTP traffic on port 80 to HTTPS on port 443.
- Install and configure an SSL certificate using Let’s Encrypt.
- Properly set up the SSL certificate in your web server configuration.
Part 1: Configuring SSL and Redirection in Nginx
Step 1: Install SSL Certificate with Certbot
sudo apt update
sudo apt install certbot python3-certbot-nginx -y
sudo certbot --nginx
- Follow the prompts to select your domain and enable HTTPS.
- Certbot will automatically configure SSL and set up redirection from HTTP to HTTPS.
- If Certbot doesn’t configure redirection, proceed with manual configuration in Step 2.
Step 2: Manual Configuration of Nginx Server Block
- Open your Nginx configuration file:
sudo nano /etc/nginx/sites-available/yourdomain
- Add a server block to handle HTTP requests and redirect them to HTTPS:
server {
    listen 80;
    server_name yourdomain.com www.yourdomain.com;
    return 301 https://$host$request_uri;
}
- Ensure your HTTPS server block looks like this:
server {
    listen 443 ssl;
    server_name yourdomain.com www.yourdomain.com;
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    root /var/www/yourdomain;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
    error_log /var/log/nginx/yourdomain_error.log;
    access_log /var/log/nginx/yourdomain_access.log;
}
- Save and exit, then test the configuration:
sudo nginx -t
- Reload Nginx to apply the changes:
sudo systemctl reload nginx
Part 2: Configuring SSL and Redirection in Apache
Step 1: Install SSL Certificate with Certbot
sudo apt update
sudo apt install certbot python3-certbot-apache -y
sudo certbot --apache
- Certbot will prompt you to choose whether to enable HTTP to HTTPS redirection.
- If Certbot doesn’t set up redirection automatically, proceed with manual configuration in Step 2.
Step 2: Manual Configuration of Apache Virtual Host
- Open your Apache virtual host configuration file:
sudo nano /etc/apache2/sites-available/yourdomain.conf
- Add the following configuration for port 80 to redirect HTTP to HTTPS:
<VirtualHost *:80>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    Redirect permanent / https://yourdomain.com/
</VirtualHost>
- Ensure your HTTPS virtual host configuration looks like this:
<VirtualHost *:443>
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
    DocumentRoot /var/www/yourdomain
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
- Save and exit, then reload Apache:
sudo systemctl reload apache2
Part 3: Ensure Firewall Allows Ports 80 and 443
- For UFW firewall:
sudo ufw allow 'Nginx Full' # For Nginx
sudo ufw allow 'Apache Full' # For Apache
sudo ufw reload
- For iptables:
sudo iptables -I INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp --dport 443 -j ACCEPT
Part 4: Testing the Setup
- Open your browser and navigate to http://yourdomain.com.
- Ensure it automatically redirects to https://yourdomain.com.
- Check the SSL padlock icon in the address bar, confirming the connection is secure.
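The same check can be scripted instead of done by eye. The function below is an added example, not part of the original guide: check_redirect is a hypothetical helper name, and it reads the response headers of a plain-HTTP request on stdin. Both hostnames are passed as allowed targets because the Nginx block above redirects to $host, while the Apache block always redirects to yourdomain.com.

```shell
#!/bin/sh
# Added example. Reads response headers on stdin and checks the redirect.
# Live use (yourdomain.com is the guide's placeholder):
#   curl -sI http://yourdomain.com/docs/ | check_redirect /docs/ yourdomain.com www.yourdomain.com

check_redirect() {
    path=$1; shift                      # path that was requested over HTTP
    headers=$(tr -d '\r')               # headers from stdin, CRs stripped
    status=$(printf '%s\n' "$headers" | awk 'NR == 1 { print $2 }')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1) == "location:" { print $2; exit }')

    # Both configs in this guide answer 301; 308 is the other permanent code.
    case $status in
        301|308) ;;
        *) echo "FAIL: status '$status' is not a permanent redirect"; return 1 ;;
    esac
    case $location in
        https://*) ;;
        *) echo "FAIL: Location '$location' is not an https URL"; return 1 ;;
    esac

    # Split the target into host and path.
    rest=${location#https://}
    host=${rest%%/*}
    case $rest in
        */*) target_path=/${rest#*/} ;;
        *)   target_path=/ ;;
    esac

    # The target host must be one of the names passed as arguments.
    host_ok=no
    for allowed in "$@"; do
        if [ "$host" = "$allowed" ]; then host_ok=yes; fi
    done
    if [ "$host_ok" != yes ]; then
        echo "FAIL: redirect points at unexpected host '$host'"; return 1
    fi
    # The requested path must survive the redirect unchanged.
    if [ "$target_path" != "$path" ]; then
        echo "FAIL: path '$path' became '$target_path'"; return 1
    fi
    echo "OK: $status -> $location"
}
```

A failure on the path check usually means the redirect rule drops the request URI, which breaks deep links even though the home page redirects correctly.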
Part 5: Auto-Renewal of SSL Certificates
Let’s Encrypt certificates are valid for 90 days, so set up auto-renewal using a cron job:
- Open the cron editor:
sudo crontab -e
- Add the following line to run the renewal check daily at 03:00 (Certbot only renews certificates that are close to expiry):
0 3 * * * certbot renew --quiet
- Test the auto-renewal process manually:
sudo certbot renew --dry-run
Conclusion
By following this tutorial, your website will:
- Be secured with a free SSL certificate from Let’s Encrypt.
- Redirect all HTTP traffic on port 80 to HTTPS on port 443.
- Have automatic SSL certificate renewal set up, ensuring continuous secure access.