Nginx: disable HTTP responses for SSL port completely

httpsnginx

I have a private HTTPS server using nginx. Therefore, I don't care about browser compatibility nor HTTP to HTTPS redirection; I just want it to work in my environment and nowhere else. I have already configured it with "listen 17648 ssl;". Whenever I try to connect to it using plain HTTP, I get the infamous "The plain HTTP request was sent to HTTPS port" response.

Is there any way to prevent nginx from sending any response at all when a HTTP request is sent to a HTTPS port? I would like nginx to simply close the connection if the request is not SSL, or maybe return some SSL-level error but no plain HTTP response at all, not even an error response.

Best Answer

From Nginx documentation about the return clause:

The non-standard code 444 closes a connection without sending a response header.

So I've tried to catch the error 497 "HTTP to HTTPS" and tried to return the 444 this way:

error_page 497 =444 @close;

location @close {
   return 444;
}

Unfortunately this leads to a "pending" state due to this bug

Using the workaround proposed by the developer it seems to work:

error_page 497 =444 @close;

location @close {
   return 0;
}

Try if this fits your needs!

Correct way in new versions of nginx

Turn out my first answer to this question was correct at certain time, but it turned into another pitfall - to stay up to date please check Taxing rewrite pitfalls

I have been corrected by many SE users, so the credit goes to them, but more importantly, here is the correct code:

server {
       listen         80;
       server_name    my.domain.com;
       return         301 https://$server_name$request_uri;
}

server {
       listen         443 ssl;
       server_name    my.domain.com;
       # add Strict-Transport-Security to prevent man in the middle attacks
       add_header Strict-Transport-Security "max-age=31536000" always; 

       [....]
}

NGINX – Proxy HTTPS Requests to an HTTP Backend

The type of proxy you are trying to set up is called a reverse proxy. A quick search for reverse proxy nginx got me this page:

http://intranation.com/entries/2008/09/using-nginx-reverse-proxy/

In addition to adding some useful features like an X-Forwarded-For header (which will give your app visibility into the actual source IP), it specifically does:

proxy_redirect off

Good luck! :)

Best Answer

Related Solutions

NGINX Redirect – How to Rewrite All HTTP Requests to HTTPS While Maintaining Sub-Domain

Correct way in new versions of nginx

NGINX – Proxy HTTPS Requests to an HTTP Backend

Related Topic