Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Redirect from port 80 to 443? #13

Closed
jcheroske opened this issue Apr 21, 2016 · 2 comments
Closed

Redirect from port 80 to 443? #13

jcheroske opened this issue Apr 21, 2016 · 2 comments

Comments

@jcheroske
Copy link

How would I configure the nginx instance within mup to redirect from 80 -> 443?

Thanks!
@thomasf1
Copy link

Would a custom nginx config help you as proposed in #9 ?

@mandreko
Copy link

mandreko commented Dec 13, 2016
edited
Loading

I'd love to see this as well. I typically do an nginx config to redirect all port 80 to 443, and strengthen the ssl ciphers like so:

server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name domain.com;
        rewrite ^/(.*) https://www.domain.com$1 permanent;
}

server {
        listen 80;
        listen [::]:80;
        server_name www.domain.com;
        rewrite ^/(.*) https://www.domain.com$1 permanent;
}

server {
        listen 443;
        listen [::]:443;
        server_name www.domain.com;

        if ($host = 'domain.com') {
                rewrite ^/(.*)$ https://www.domain.com/$1 permanent;
        }

        ssl on;
        #LetsEncrypt Certs
        ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;

        ssl_session_timeout 5m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
        ssl_prefer_server_ciphers on;
        ssl_dhparam /etc/ssl/certs/dhparam.pem;
        ssl_session_cache shared:SSL:10m;
        ssl_stapling on;
        ssl_stapling_verify on;
        resolver 8.8.8.8 valid=300s;
        resolver_timeout 5s;

        add_header Strict-Transport-Security "max-age=63072000;includeSubdomains; preload";
        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options "nosniff";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Permitted-Cross-Domain-Policies: master-only;
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@mandreko @thomasf1 @jcheroske