Back to Linter
Errorbest practice

HTTP Redirect Without SSL

Why HTTP-to-HTTPS redirects fail when SSL is not configured.

What This Rule Checks

This rule detects when HTTP-to-HTTPS redirect is enabled but SSL/TLS is not configured.

Why It Matters

Enabling HTTP-to-HTTPS redirect without having SSL configured will cause an infinite redirect loop or connection refused error. Browsers will show "too many redirects" errors.

Bad — Triggers this rule

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
    # But no SSL server block exists!
}

Good — Passes this rule

server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /path/to/cert.pem;
    ssl_certificate_key /path/to/key.pem;
    root /var/www/html;
}

server {
    listen 80;
    server_name example.com;
    return 301 https://$host$request_uri;
}

How to Fix

Enable SSL/TLS first in Configen's SSL section, then enable the HTTP-to-HTTPS redirect.

Related Rules

security-ssl-missingsecurity-ssl-protocols-outdated

Check your config now

Paste your nginx.conf and get instant feedback on 20+ rules.

Open Linter →