Simple SSL Question
the.energetic at gmail.com
Sat Jun 8 18:18:46 UTC 2013
I'm using nginx with SSL, and I want to always redirect to www, regardless of whether the request is http or https. I just want to redirect to the respective protocol but with www.
I have the port 80 server block working fine. Beneath my first server block I have...
return 301 http://www.example.com$request_uri;
and this works fine. But for my port 443 server block for https, I have all kinds of information inside regarding ssl on and different ciphers to use.
I really don't want to mess up anything up related to security by doing something stupid.. so my question is on this second block for port 443 underneath the first one...
return 301 https://www.example.com$request_uri;
do I need anything else? do I need ssl on or any other security related things? If they visit non-www does that mean it transfers the request insecurely or something (even for a split second while its redirecting?)
Just want to make sure what I have is solid and secure. It seems to work but I want to double check.
More information about the nginx