Today I’d like to show how to enforce the use of SSL on your sites. That is, redirecting all user HTTP requests to their HTTPS counterparts.
As always, let’s go to the OpenResty Edge’s Admin web console. This is our sample deployment of the console. Every user has her own local deployment.
This time we use our continuing sample application for the test-edge.com domain.
Let’s enter this application.
Let’s go to the page rules.
Create a new page rule.
We enable a rule condition for all HTTP requests.
Let’s see all the variables we can choose from.
We keep the string equality operator intact.
http as the value.
Then for the action part of the rule, we can configure a 301 redirect action.
We have a lot of actions here.
So better search for the
We keep the current request URI intact.
And we also inherit the current request’s URI arguments or query string.
We need to change the request scheme of the new request though.
We can select 301 redirect instead here.
It is the
Moved Permanently redirect type.
We make sure this rule runs before any existing normal rules.
Make sure we skip any subsequent rules when this rule is matched.
It’s not really necessary for this rule. But it is always a good idea to be explicit when we want to immediately stop request processing.
Create this rule for real.
We can see our new page rule to redirect all HTTP requests to their HTTPS counterparts.
We need to make a new release to push out our new page rule, as always.
Click on this button.
It is fully synchronized.
Now the new page rule has been pushed to all the gateway clusters and servers.
Our configuration changes do NOT require server reload, restart, or binary upgrade. So it’s very efficient and scalable.
Let’s open a new browser tab to access the test-edge.com site via
We can see it indeed becomes
HTTPS. Note the small lock icon in the browser address bar.
On the terminal, we can also test it out using
curl -Ss -I http://test-edge.com/
It is indeed a 301 redirect to use the HTTPS protocol.
Let’s try a more complex URI and query string.
curl -Ss -I 'http://test-edge.com/foo/bar?a=32&b=56'
We can see it is still a redirect to
And the URI and query string are also carried on.
Yichun Zhang is the creator of the OpenResty® open source project. He is also the founder and CEO of the OpenResty Inc. company. He contributed a dozen open source Nginx 3rd-party modules, quite some Nginx and LuaJIT core patches, and designed products like OpenResty Edge, OpenResty XRay, and OpenResty Showman.
We provide the Chinese translation for this article on blog.openresty.com.cn. We welcome interested readers to contribute translations in other natural languages as long as the full article is translated without any omissions. We thank them in advance.
We always welcome talented and enthusiastic engineers to join our team at OpenResty Inc.
to explore various open source software’s internals and build powerful analyzers and
visualizers for real world applications built atop the open source software. If you are
interested, please send your resume to
email@example.com . Thank you!