While setting up LetsEncrypt to work with CloudFlare, I ran into a bunch of issues with my NginX config that caused me a bunch of downtime. Because I run multiple domains, I wanted to keep my non-www to www URL redirects and also redirect HTTP to HTTPS.

Before, I was using just:

server {
server_name "~^([^.]*\.[^.]*)$";
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
return 301 $scheme://www.$host$request_uri;
}

It’s an incredibly elegant redirect. But it didn’t work well with my HTTPS redirect. So, I changed it to be a bit easier to understand (and more time-consuming to set up), which looks like this:

# NGINX Server Block for:
# Redirect non-www base domain (domain.com) to www (www.domain.com)
# Redirect HTTP to HTTPS SSL (HTTP2)
# Supports multiple domains and subdomains
# Created by George Liu (www.georgeliu.me / Github:tgmgroup)
# STEP 1 - Base HTTPS Block
server {
#Listen only on HTTPS, use STEP 3 to redirect from HTTP
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Put Includes Here
# Change .domain1.com and .domain2.com to your own domain
# The .domain1.com wildcard format (DOT domain) catches all domains and subdomains of domain1.com
server_name .domain1.com .domain2.com;
# Put Server Configs Here
# Put Other Configs Here
}
# STEP 2 -  Redirect base (non-www URL) to HTTPS www
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
# Catch only www subdomains on HTTP and HTTPS
server_name domain1.com domain2.com;
# Permanent redirect to HTTPS and www
return 301 https://www.$host$request_uri;
# Use the following if redirecting www to non-www URLs
#        server_name www.domain1.com www.domain2.com;
#        return 301 https://$host$request_uri;
# If using both HTTPS and HTTP (only www redirect), edit STEP 1 to include
#        listen 80;
#        listen [::]:80;
# and remove STEP 3
# and change the return 301 line to use "$scheme://" instead of "https://"
}
# STEP 3 -  Redirect all non- base-non-www HTTP to HTTPS
server {
listen 80;
listen [::]:80;
# Catch all base and subdomains on HTTP, including redirects from STEP 2
server_name .domain1.com .domain2.com;
# If user prefers, use "www.domain1.com *.domain1.com" combination instead of
# ".domain1.com" wildcard to avoid NGINX warnings
return 301 https://$host$request_uri;
}
view raw config hosted with ❤ by GitHub

Don’t forget the linux commands to edit and restart NginX

sudo nano /etc/nginx/sites-enabled/(config)
sudo nginx -t && sudo service nginx restart (OR) sudo systemctl restart nginx

And don’t forget to change your DNS settings at your DNS provider:

add a CNAME record: www as name and @ as hostname

Resources: 1, 2, 3, 4, 5, 6, 7, 8

For those of us that run websites based on Google Sites, the recent boost in search rankings for HTTPS websites, and the subsequent devaluing of unsecured HTTP websites, may have hurt us.

However, there is no way to enable HTTPS for a Google Site with a custom domain, at least not yet. This would require an SSL certificate for the domain name, something Google does not yet provide. However, HTTPS can be enabled through redirects from the custom domain to Google’s URL scheme.

Is there a workaround? There could be, by using a CloudFlare caching solution.

Sources
http://webapps.stackexchange.com/questions/54463/custom-domain-under-ssl-with-google-sites