Today I’d like to show how to enforce the use of SSL on your sites. That is, redirecting all user HTTP requests to their HTTPS counterparts.

As always, let’s go to the OpenResty Edge’s Admin web console. This is our sample deployment of the console. Every user has her own local deployment.

This time we use our continuing sample application for the test-edge.com domain.

Screenshot

Let’s enter this application.

Screenshot

Let’s go to the page rules.

Screenshot

Create a new page rule.

Screenshot

We enable a rule condition for all HTTP requests.

Screenshot

Let’s see all the variables we can choose from.

Screenshot

We select Scheme.

Screenshot

We keep the string equality operator intact.

Screenshot

We choose http as the value.

Screenshot

Screenshot

The condition is now complete. It is matching all HTTP requests and excluding any HTTPS ones.

Then for the action part of the rule, we can configure a 301 redirect action.

Screenshot

We have a lot of actions here.

Screenshot

So better search for the Redirect action.

Screenshot

Select it.

Screenshot

We keep the current request URI intact.

Screenshot

And we also inherit the current request’s URI arguments or query string.

Screenshot

We need to change the request scheme of the new request though.

Screenshot

We select https.

Screenshot

We can select 301 redirect instead here.

Screenshot

It is the Moved Permanently redirect type.

Screenshot

We make sure this rule runs before any existing normal rules.

Screenshot

Make sure we skip any subsequent rules when this rule is matched.

Screenshot

It’s not really necessary for this rule. But it is always a good idea to be explicit when we want to immediately stop request processing.

Create this rule for real.

Screenshot

We can see our new page rule to redirect all HTTP requests to their HTTPS counterparts.

Screenshot

We need to make a new release to push out our new page rule, as always.

Screenshot

Click on this button.

Screenshot

Ship it!

Screenshot

It is fully synchronized.

Screenshot

Now the new page rule has been pushed to all the gateway clusters and servers.

Screenshot

Our configuration changes do NOT require server reload, restart, or binary upgrade. So it’s very efficient and scalable.

Embeded image

Let’s open a new browser tab to access the test-edge.com site via HTTP.

We can see it indeed becomes HTTPS. Note the small lock icon in the browser address bar.

On the terminal, we can also test it out using curl.

curl -Ss -I http://test-edge.com/

It is indeed a 301 redirect to use the HTTPS protocol.

screenshot 1

Let’s try a more complex URI and query string.

curl -Ss -I 'http://test-edge.com/foo/bar?a=32&b=56'

We can see it is still a redirect to HTTPS.

screenshot 3

And the URI and query string are also carried on.

screenshot 4

If you like this tutorial, please subscribe to this blog site and/or our Vimeo account and/or our YouTube channel. Thank you!

About This Article and Associated Video

This article and its associated video are both generated automatically by our OpenResty Showman product from a simple screenplay file.

About The Author

Yichun Zhang (Github handle: agentzh), is the original creator of the OpenResty® open-source project and the CEO of OpenResty Inc..

Yichun is one of the earliest advocates and leaders of “open-source technology”. He worked at many internationally renowned tech companies, such as Cloudflare, Yahoo!. He is a pioneer of “edge computing”, “dynamic tracing” and “machine coding”, with over 22 years of programming and 16 years of open source experience. Yichun is well-known in the open-source space as the project leader of OpenResty®, adopted by more than 40 million global website domains.

OpenResty Inc., the enterprise software start-up founded by Yichun in 2017, has customers from some of the biggest companies in the world. Its flagship product, OpenResty XRay, is a non-invasive profiling and troubleshooting tool that significantly enhances and utilizes dynamic tracing technology.

As an avid open-source contributor, Yichun has contributed more than a million lines of code to numerous open-source projects, including Linux kernel, Nginx, LuaJIT, GDB, SystemTap, LLVM, Perl, etc. He has also authored more than 60 open-source software libraries.

Translations

We provide the Chinese translation for this article on blog.openresty.com.cn. We welcome interested readers to contribute translations in other natural languages as long as the full article is translated without any omissions. We thank them in advance.

We are hiring

We always welcome talented and enthusiastic engineers to join our team at OpenResty Inc. to explore various open source software’s internals and build powerful analyzers and visualizers for real world applications built atop the open source software. If you are interested, please send your resume to talents@openresty.com . Thank you!