Configuring Nginx to redirect http www-name to non-www https

One of the things you have to do when setting a website is first ensure it runs on secure https protocol using an SSL certificate. This ensures that browsers won’t flag your site as “insecure” and more importantly your users are protected.

To acquire an SSL certificate, you can get one free from Letsencrypt or Cloudflare or purchase one from vendors such as Digicert, Comodo etc. You want to make sure you acquire a multidomain SSL certificate which accommodates both the www and non-www hostname. Remember sitemonki.com and www.sitemonki.com are two different domains, www one being a subdomain of the other.

Related post: Letsencrypt vs Clouflare as Free SSL provider for your website

Good Search Engine Optimization requires you to choose one preferred URL for your website; either the one which starts with www or the one with just the domain name e.g www.sitemonki.com or sitemonki.com but **NOT** both. For my case, I went with sitemonki.com. This is also called the canonical URL. It indicates to search engines and your visitors you preferred address you wish to use for your website.

Now you have to make sure that all urls redirect to the preferred url in my case sitemonki.com. This is good for both humans and robots/search engine crawlers. For human visitors, it means they’ll always be served your website regardless of which url they type. You have to use HTTP status code 301 which indicates “permanent redirect” to browsers and search engine crawlers.

So for my case I wanted to achieve the following effect;

You can use httpie, a great command line HTTP client to test our your redirects or SEO tool like woorank.com which is what I used for the above screenshot.

There are two popular web servers; Nginx and Apache. I tend to gravitate towards Nginx because its relatively easier to use and understand. It’s what I use to run Site Monki and it’s the one I use for this tutorial. My SSL certificates are from Lets encrypt who have a cool tool called cerbot to help with automated creation and renewal of SSL certificates.

Below is my sitemonki.com nginx configuration. Notice I have SSL certificate for both the www and non-www versions of sitemonki.com. I then redirect the insecure http version of both www and non-www versions to secure https non-www. Then we redirect the secure https www version to secure https non-www.

server {

     # for certbot tool to do domain verification
     location ~ "^/\.well-known/acme-challenge/(.*)$" {
        default_type text/plain;
        return 200 "$1.kBDgcYkl03cfsdfdpDV8Jv5564545qFGJDYYK0y8dTRuGk";
    }
    error_page  403 /error/404.html;
    error_page  404 /error/404.html;
    error_page  500 502 503 504 /error/50x.html;

    # proxy configures 
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header HOST $http_host;
    proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto $scheme;
    proxy_set_header X-HTTPS-Protocol $ssl_protocol;
    proxy_set_header X-NginX-Proxy true;

    # app/service
    location / {
        proxy_pass http://127.0.0.1:8080;
    }


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/sitemonki.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sitemonki.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {

    listen 443 ssl; # managed by Certbot
    server_name     www.sitemonki.com;
    ssl_certificate /etc/letsencrypt/live/www.sitemonki.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/www.sitemonki.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
    return 301 https://sitemonki.com$request_uri;
}
server {
    listen      80;
    server_name sitemonki.com www.sitemonki.com;
    return 301 https://sitemonki.com$request_uri;
    return 404; # managed by Certbot
}

If you like the preferred URL to be www, then you simply have to redirect the non-www URLs to www https ones. It’s your preference, but remember you must choose one. When you’re done, start monitoring expiry of your SSL certificates by signing up to Site Monki for Free.

Image: Pixabay