# Nginx redirection



## fred974 (Dec 23, 2013)

Hello everyone,

I am running a WordPress(3.8) website power by Nginx.

In order to secure the admin area, I added the following in my wp-config.php file:


```
define('FORCE_SSL_ADMIN', true);
define('FORCE_SSL_LOGIN', true);
```

The problem that I have is that when I bought the SSL certificate, I only typed mysite.fr and didn’t add http://www.mysite.fr. Which mean that the green padlock will only show if I directly access the admin page using https://mysite.fr/wp-admin.

I have set a rewrite rule to have all the www entry rewritten to non-www to try to overcome the issue but when typing http://www.mysite.fr/wp-admin , the browser  still see it as having www in front except for Firefox.

Could anyone help me to write a rule so that when I am on http://www.mysite.fr/wp-admin I get redirected to https://mysiyte.fr/wp-admin

below is my current Nginx config file:

```
server {
  listen 80;
  client_max_body_size 2M;
  server_name http://www.mysite.fr mysite.fr;
  ## redirect www to non-www ##
  if ($host = 'www.mysite.fr' ) {
         rewrite  ^/(.*)$  http://mysite.fr/$1  permanent;
      }
  access_log  /www/webs/mysite_fr/logs/access80.log;
  error_log   /www/webs/mysite_fr/logs/error80.log error;
  root /www/webs/mysite_fr/httpdocs;
  index index.php;
  autoindex off;
  include /wp-global/wordpress-both.conf;
  location ~ ^/.*\.php {
      try_files $uri =404;
      include fastcgi_params;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_intercept_errors on;
  }

}

# HTTPS server
server {
  client_max_body_size 2M;
  listen 443 ssl spdy;
  server_name mysite.fr;
  access_log  /www/webs/mysite_fr/logs/access443.log;
  error_log   /www/webs/mysite_fr/logs/error443.log debug;
  root /www/webs/mysite_fr/httpdocs;
  index index.php;
  autoindex off;
  include /www/wp-global/wordpress-both.conf;

  ssl on;
  ssl_certificate_key /ssl_keys/myserver.key;
  ssl_certificate /ssl_keys/mycert.crt;
  ssl_protocols TLSv1.2 TLSv1.1 TLSv1 SSLv3;
  ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!EDH:!AESGCM;
  ssl_prefer_server_ciphers on;

  location ~ ^/.*\.php {
      try_files $uri =404;
      include fastcgi_params;
      fastcgi_pass 127.0.0.1:9000;
      fastcgi_param HTTPS on;
      fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
      fastcgi_intercept_errors on;
  }
}
```

Thank you


----------



## eetlotsgloo (Dec 26, 2013)

Have you read Pitfalls and IfIsEvil?

Try removing the if block and adding this:

```
location /wp-admin {
        return 301 https://mysite.fr$request_uri;
    }
```

You might also want to add another block under your HTTPS section to redirect back to non SSL (and/or add www again).


----------



## fred974 (Dec 27, 2013)

Thank you very much for you reply @eetlotsgloo
It is very much appreciated

Fred


----------

