Force SSL in location with nginx

If you want to enforce SSL on a particular path in your application, say an admin section, you can use nginx to automatically enforce SSL. In a previous article I went over how to configure SSL, now I'll show you can redirect part of your site.

First thing is that you'll have to create two server configurations for handling the http and https traffic.

# http://example.com
server {  
  server_name example.com;

  # site logging
  access_log /var/log/nginx/saywhatmom-web.access.log;
  error_log /var/log/nginx/saywhatmom-web.error.log;

  # Handle requests
  location / {
  }

  # Redirect admin requests to HTTPS
  location /api {
    return 301 https://$http_host$request_uri$is_args$query_string;
  }
}

# https://example.com
server {  
  server_name example.com;

  # Site logging
  access_log /var/log/nginx/example-secure.access.log;
  error_log  /var/log/nginx/example-secure.error.log;

  # SSL
  listen 443 ssl;
  ssl_certificate     /etc/nginx/ssl/example.crt;
  ssl_certificate_key /etc/nginx/ssl/example.key;


  # Handle secure requests
  location /admin {
  }

  # Redirect normal requests back to HTTP
  location / {
    return 301 http://$http_host$request_uri$is_args$query_string;
  }
}

The first config handles http traffic. For requests of the virtual directory /admin we force a redirect. This redirect will make a request that gets picked up by the second config, which handles https traffic. If a user makes an https request outside of /admin, the second config will redirect back to the first config.

That's all there is to it.

comments powered by Disqus