Redirect all non-secure requests to use an HTTPS connection. An SSL certificate is required to be installed on the web server.

Redirect All Sites On Server To HTTPS

Redirect all non-secure (HTTP) requests to use an HTTPS connection for any site configured on the server by adding the following to your nginx.conf file:

server {
    listen 80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

The server_name value of _ matches all hostnames. For SEO purposes, this redirect should be Permanent (301).

Redirect Only Specific Sites On Server To HTTPS

Redirect all non-HTTPS requests to use an HTTPS connection for specific sites by adding the following to your nginx.conf file:

server {
    listen 80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}
server {
    listen 80;
    server_name another.com;
    return 301 https://another.com$request_uri;
}

Given the above configuration, only HTTP requests to example.com and another.com will be redirected to use the HTTPS protocol For SEO purposes, this redirect should be Permanent (301).

In More Detail

While in past decades, HTTPS connections were only used for sites which deal in sensitive information – banks and financial institution, governmental – it is becoming more and more common as HTTPS has become easier and lest costly to implement and has quickly become the standard for all websites.

Aside from the security benefits of having all traffic to a website encrypted, there are some additional benefits to consider if you haven’t made the move to secure connections on every website you may control:

  • Perform better in search engine results – since 2014, Google has been ramping up its preference for secure websites; it is now a clear signal in their ranking algorithm, and you may be getting outranked by secure sites if yours isn’t already using HTTPS exclusively
  • Increase eCommerce conversions – surveys have shown that most people will NOT make a purchase over an insecure connection; additionally, most browsers today clearly indicate on the URL bar whether a connection to a site is insecure, degrading confidence even further for users of a non-HTTPS website
  • Secure websites will become the standard – as the web continues to grow, and the number of malicious denizens of the web continues to grow, security and privacy will become paramount; be ahead of the curve when it comes to making the web a secure place to be

SSL certificates come in both free and commercial grades, with the commercial certificates having varying degrees of functionality, such as wildcard certs, multi-domain certs, and the premium ‘green bar’ certificates.

Check our Resources section for places to get both free and commercial SSL certificates.