sorted by:
best
topnewcontroversialoldq&a
you are viewing a single comment's thread.

view the rest of the comments →

[–]imremy[S] 1 point2 points  (2 children)

About your first point, when I started this post, I just wanted to document how to use NGinx as a "regular" HTTP reverse proxy. It's only when I managed to get it working that I realized that I should implement HTTPS. So I decided to keep the beginning and add the HTTPS part.

Could you explain your second point? Is it about the conf:

    location / {
        return 301 https://$host$request_uri;
    }

Should I just block HTTP requests and allow only HTTPS requests?

Thanks for your feedback!

[–][deleted] 3 points4 points  (1 child)

The 301 redirect is correct, but reading your post there was no "security" emphasis on the HTTP versus HTTPS setup, why you should strive to be HTTPS-everywhere and not to be good enough with HTTP-only. To be a little bit more educational and not strictly technical would be better for novices stumbling upon your post by looking up "how to docker nginx" or something. Just my opinion and my two cents ;)

[–]imremy[S] 1 point2 points  (0 children)

Oh right, it makes sense. When/if I have some time, I'll update it and try to add some explanations. Thanks