<div dir="ltr">Hello!<br><div><br>After your upstream block, but before your server (https) block put something like this:<br><br>server {<br>        listen         80;<br>        server_name    <a href="http://xxxxxxxxx.ch">xxxxxxxxx.ch</a> <a href="http://www.xxxxxxxxx.ch">www.xxxxxxxxx.ch</a>;<br>        return         301 https://$server_name$request_uri;<br>}<br><br></div><div>...and remove the ## http redirects to https ## at the bottom.<br></div><div><div class="gmail_extra"><br clear="all"><div><div class="gmail_signature">Best regards,<br>Kevin<br>--<br>Kevin Worthington<br>kworthington att gmail dat com<br><a href="http://kevinworthington.com/" target="_blank">http://kevinworthington.com/</a><br><a href="http://twitter.com/kworthington" target="_blank">http://twitter.com/kworthington</a></div></div>
<br><div class="gmail_quote">On Wed, Dec 30, 2015 at 9:36 AM, Parzip <span dir="ltr"><<a href="mailto:nginx-forum@forum.nginx.org" target="_blank">nginx-forum@forum.nginx.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello!<br>
<br>
I am trying to set up nginx to<br>
<br>
- switch from http traffic to https<br>
- send alls https traffic to my odoo backend on port 8069<br>
<br>
This is already working for different subdomains, but not for the domain<br>
itself.<br>
<br>
http://(www.)<a href="http://subdomain.domain.ch" rel="noreferrer" target="_blank">subdomain.domain.ch</a> => https://(www.)<a href="http://subdomain.domain.ch" rel="noreferrer" target="_blank">subdomain.domain.ch</a><br>
http://(www.)<a href="http://domain.ch" rel="noreferrer" target="_blank">domain.ch</a> => http://(www.)<a href="http://domain.ch" rel="noreferrer" target="_blank">domain.ch</a>, backend ist beeing loaded<br>
but not secured<br>
<br>
1) Why is <a href="http://domain.ch" rel="noreferrer" target="_blank">domain.ch</a> not beeing redirected to <a href="https://domain.ch" rel="noreferrer" target="_blank">https://domain.ch</a>?<br>
<br>
2) I would like to set up the let's encrypt ssl renewal script described<br>
here:<br>
<a href="https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04" rel="noreferrer" target="_blank">https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-14-04</a><br>
For this I need to put a file into the webroot folder, but I don't know how<br>
to define this folder...<br>
<br>
Thank you for your help.<br>
<br>
<br>
This is my "odoo" file in sites-available:<br>
<br>
<br>
## odoo backend ##<br>
upstream odoo {<br>
    server <a href="http://127.0.0.1:8069" rel="noreferrer" target="_blank">127.0.0.1:8069</a>;<br>
}<br>
<br>
## https site##<br>
server {<br>
    listen      443 default;<br>
    server_name *.<a href="http://xxxxx.ch" rel="noreferrer" target="_blank">xxxxx.ch</a> <a href="http://xxxxx.ch" rel="noreferrer" target="_blank">xxxxx.ch</a> <a href="http://www.xxxxx.ch" rel="noreferrer" target="_blank">www.xxxxx.ch</a>;<br>
    # root        /usr/share/nginx/html;<br>
    # index       index.html index.htm;<br>
<br>
    # log files<br>
    access_log  /var/log/nginx/odoo-access.log;<br>
    error_log   /var/log/nginx/odoo-error.log;<br>
<br>
    # ssl files<br>
    ssl on;<br>
    ssl_certificate /etc/letsencrypt/live/<a href="http://xxxxx.ch/fullchain.pem" rel="noreferrer" target="_blank">xxxxx.ch/fullchain.pem</a>;<br>
    ssl_certificate_key /etc/letsencrypt/live/<a href="http://xxxxx.ch/privkey.pem" rel="noreferrer" target="_blank">xxxxx.ch/privkey.pem</a>;<br>
    keepalive_timeout   60;<br>
<br>
    # limit ciphers<br>
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;<br>
    ssl_prefer_server_ciphers on;<br>
    ssl_ciphers AES256+EECDH:AES256+EDH:!aNULL;<br>
<br>
<br>
    # proxy buffers<br>
    proxy_buffers 16 64k;<br>
    proxy_buffer_size 128k;<br>
<br>
    ## default location ##<br>
    location / {<br>
        proxy_pass  <a href="http://odoo" rel="noreferrer" target="_blank">http://odoo</a>;<br>
        # force timeouts if the backend dies<br>
        proxy_next_upstream error timeout invalid_header http_500 http_502<br>
http_503 http_504;<br>
        proxy_redirect off;<br>
<br>
        # set headers<br>
        proxy_set_header    Host            $host;<br>
        proxy_set_header    X-Real-IP       $remote_addr;<br>
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;<br>
        proxy_set_header    X-Forwarded-Proto https;<br>
    }<br>
<br>
    # cache some static data in memory for 60mins<br>
    location ~* /web/static/ {<br>
        proxy_cache_valid 200 60m;<br>
        proxy_buffering on;<br>
        expires 864000;<br>
        proxy_pass <a href="http://odoo" rel="noreferrer" target="_blank">http://odoo</a>;<br>
    }<br>
}<br>
<br>
## http redirects to https ##<br>
server {<br>
    listen      80;<br>
    server_name *.<a href="http://xxxxx.ch" rel="noreferrer" target="_blank">xxxxx.ch</a> <a href="http://www.xxxxx.ch" rel="noreferrer" target="_blank">www.xxxxx.ch</a> <a href="http://xxxxx.ch" rel="noreferrer" target="_blank">xxxxx.ch</a>;<br>
<br>
    # Strict Transport Security<br>
    add_header Strict-Transport-Security max-age=2592000;<br>
    rewrite ^/.*$ https://$host$request_uri? permanent;<br>
}<br>
<br>
Posted at Nginx Forum: <a href="https://forum.nginx.org/read.php?2,263786,263786#msg-263786" rel="noreferrer" target="_blank">https://forum.nginx.org/read.php?2,263786,263786#msg-263786</a><br>
<br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
</blockquote></div><br></div></div></div>