
[INSTALLATION] How to use with default.conf that redirects all HTTP -> HTTPS traffic

Open cca32 opened this issue 2 years ago • 2 comments

Awesome package! Works great. This is a very silly question as my knowledge of nginx isn't very strong.

I have the following default.conf:

# routes all http to https
server {
    listen 80;
    listen [::]:80;

    server_name _;
    server_tokens off;

    ##
    # Nginx Bad Bot Blocker Includes
    # REPO: https://github.com/mitchellkrogza/nginx-ultimate-bad-bot-blocker
    ##
    include /etc/nginx/bots.d/ddos.conf; 
    include /etc/nginx/bots.d/blockbots.conf;
    
    location / {
        return 301 https://$host.com$request_uri;
    }
}

So it works for all HTTP traffic. I then have other .conf files with the corresponding https traffic which do not get protected. Am I using nginx design in an anti-pattern way?

What would be the best way to redirect all http traffic to https, and only have to provide the appropriate include files only once?

Thanks!

cca32 avatar Mar 03 '23 22:03 cca32

Just add the includes to both your port 80 and port 443 config files/blocks. This will reject / block traffic on both ports so in many cases rejecting traffic on port 80 before it even reaches port 443.

mitchellkrogza avatar Mar 04 '23 05:03 mitchellkrogza

Yep that makes sense and is my current approach. Is there a way to structure the nginx files so that the include directive is only used once?

Let's say I have 3 subdomains each with a 443 conf file.

Is it necessary to have a 443 block with include directives for every domain? Or is it possible to apply the include at some larger level that each 443 server block inherits or something?

Thanks so much! Great package

cca32 avatar Mar 04 '23 13:03 cca32
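
An added example, not part of the issue thread or the project's code: a Python check that reports which `server` blocks lack the two blocker includes, since the advice in the thread is to place them in both the port 80 and port 443 blocks. The sample config, the `app.example.test` vhost and the function names are constructed for illustration, and the brace-matching parser is a simplification.

```python
import re
import sys

# Include paths as they appear in the config posted in this issue.
REQUIRED = ("/etc/nginx/bots.d/ddos.conf", "/etc/nginx/bots.d/blockbots.conf")

# Constructed sample: the port 80 block from the issue plus a hypothetical
# 443 vhost where one include is only present as a comment.
SAMPLE = """
server {
    listen 80;
    listen [::]:80;
    server_name _;
    include /etc/nginx/bots.d/ddos.conf;
    include /etc/nginx/bots.d/blockbots.conf;
    location / { return 301 https://$host.com$request_uri; }
}
server {
    listen 443 ssl;
    server_name app.example.test;
    # include /etc/nginx/bots.d/blockbots.conf;
    include /etc/nginx/bots.d/ddos.conf;
    location / { proxy_pass http://127.0.0.1:8080; }
}
"""

def server_blocks(text):
    """Yield the body of each `server { ... }` block, found by brace matching.
    Simplification: assumes no '#', '{' or '}' inside quoted strings or regexes."""
    text = "\n".join(line.split("#", 1)[0] for line in text.splitlines())
    for m in re.finditer(r"(?<![\w.])server\s*\{", text):
        depth, i = 1, m.end()
        while i < len(text) and depth:
            depth += {"{": 1, "}": -1}.get(text[i], 0)
            i += 1
        yield text[m.end():i - 1]

def audit(text):
    """Return (server_name, listen values, missing includes) per server block."""
    findings = []
    for body in server_blocks(text):
        names = re.findall(r"\bserver_name\s+([^;]+);", body)
        listens = [v.strip() for v in re.findall(r"\blisten\s+([^;]+);", body)]
        includes = set(re.findall(r"\binclude\s+([^;\s]+)\s*;", body))
        missing = [p for p in REQUIRED if p not in includes]
        findings.append((names[0].strip() if names else "", listens, missing))
    return findings

if __name__ == "__main__":
    # Pipe config text on stdin (e.g. from `nginx -T`); with a terminal, SAMPLE is used.
    text = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    for name, listens, missing in audit(text):
        status = "OK" if not missing else "MISSING " + ", ".join(missing)
        print(f"{name or '(no server_name)'} [{', '.join(listens)}]: {status}")
```

Run against the full configuration dump, this lists every vhost that would accept traffic without the blocker rules, including HTTPS blocks defined in separate `.conf` files.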