Redirect HTTP ke HTTPS di Nginx: Panduan Lengkap

Baik, saya buatkan konfigurasi lengkap untuk redirect HTTP ke HTTPS. Ini untuk VPS Lokal (10.122.25.172):

Konfigurasi Nginx di VPS Lokal

sudo nano /etc/nginx/sites-available/laravel

Ganti dengan konfigurasi ini:

server {
    listen 80;
    listen [::]:80;
    
    server_name _;
    root /var/www/laravel/public;
    
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    
    index index.php index.html;
    charset utf-8;
    
    # Logging
    access_log /var/log/nginx/laravel-access.log;
    error_log /var/log/nginx/laravel-error.log;
    
    # Jika request datang dari proxy dengan HTTPS, set HTTPS untuk Laravel
    # Ini penting agar Laravel tahu request aslinya HTTPS
    if ($http_x_forwarded_proto = "https") {
        set $https_status on;
    }
    
    fastcgi_param HTTPS $https_status if_not_empty;
    
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    
    error_page 404 /index.php;
    
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.3-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
        fastcgi_hide_header X-Powered-By;
        
        # Pass HTTPS status to PHP
        fastcgi_param HTTPS $https_status if_not_empty;
        
        # Increase timeouts untuk request yang lama
        fastcgi_read_timeout 300;
    }
    
    location ~ /\.(?!well-known).* {
        deny all;
    }
    
    # Max upload size
    client_max_body_size 100M;
}
# Test dan reload
sudo nginx -t
sudo systemctl reload nginx

Konfigurasi Nginx di VPS Proxy (10.122.25.227)

Ini yang penting - redirect HTTP ke HTTPS dilakukan di sini:

sudo nano /etc/nginx/sites-available/laravel-proxy
# HTTP - Redirect semua ke HTTPS
server {
    listen 80;
    listen [::]:80;
    server_name yourdomain.com www.yourdomain.com;
    
    # Redirect ke HTTPS
    return 301 https://$host$request_uri;
}

# HTTPS - Main Server
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name yourdomain.com www.yourdomain.com;
    
    # SSL certificates (akan diisi otomatis oleh certbot)
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;
    
    # SSL configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers off;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384;
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;
    
    # HSTS (optional, tapi recommended)
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
    
    # Logs
    access_log /var/log/nginx/laravel-access.log;
    error_log /var/log/nginx/laravel-error.log;
    
    # Proxy settings
    location / {
        proxy_pass http://10.122.25.172:80;
        proxy_http_version 1.1;
        
        # Headers - PENTING untuk Laravel
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Port $server_port;
        
        # Timeouts
        proxy_connect_timeout 60s;
        proxy_send_timeout 60s;
        proxy_read_timeout 60s;
        
        # Buffering
        proxy_buffering on;
        proxy_buffer_size 4k;
        proxy_buffers 8 4k;
        proxy_busy_buffers_size 8k;
    }
    
    # WebSocket untuk WhatsApp Gateway (jika pakai socket.io)
    location /socket.io/ {
        proxy_pass http://10.122.25.172:80;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        
        proxy_buffering off;
        proxy_cache_bypass $http_upgrade;
        proxy_connect_timeout 7d;
        proxy_send_timeout 7d;
        proxy_read_timeout 7d;
    }
    
    # Client settings
    client_max_body_size 100M;
}
# Test dan reload
sudo nginx -t
sudo systemctl reload nginx

Update .env di Laravel

sudo nano /var/www/laravel/.env

Tambahkan/update:

APP_URL=https://yourdomain.com

# Trust proxy
TRUSTED_PROXIES=10.122.25.227,127.0.0.1

Update TrustProxies Middleware

nano /var/www/laravel/app/Http/Middleware/TrustProxies.php
<?php

namespace App\Http\Middleware;

use Illuminate\Http\Middleware\TrustProxies as Middleware;
use Illuminate\Http\Request;

class TrustProxies extends Middleware
{
    /**
     * The trusted proxies for this application.
     *
     * @var array<int, string>|string|null
     */
    protected $proxies = [
        '10.122.25.227',
        '127.0.0.1',
    ];

    /**
     * The headers that should be used to detect proxies.
     *
     * @var int
     */
    protected $headers =
        Request::HEADER_X_FORWARDED_FOR |
        Request::HEADER_X_FORWARDED_HOST |
        Request::HEADER_X_FORWARDED_PORT |
        Request::HEADER_X_FORWARDED_PROTO |
        Request::HEADER_X_FORWARDED_AWS_ELB;
}

Clear Cache Laravel

cd /var/www/laravel
php artisan config:clear
php artisan cache:clear
php artisan route:clear

Generate SSL dengan Certbot

# Di VPS Proxy
sudo certbot --nginx -d yourdomain.com -d www.yourdomain.com

Certbot akan otomatis update konfigurasi SSL di file nginx.

Testing

# Test redirect HTTP ke HTTPS
curl -I http://yourdomain.com
# Harus return: HTTP/1.1 301 Moved Permanently
# Location: https://yourdomain.com/

# Test HTTPS
curl -I https://yourdomain.com
# Harus return: HTTP/2 200

# Test dari browser
# Buka: http://yourdomain.com
# Harus otomatis redirect ke: https://yourdomain.com

Troubleshooting

Jika masih HTTP setelah akses:

# Cek Laravel log
tail -f /var/www/laravel/storage/logs/laravel.log

# Cek Nginx error log (VPS Proxy)
sudo tail -f /var/log/nginx/laravel-error.log

# Pastikan Laravel detect HTTPS
# Tambahkan di routes/web.php untuk testing:
Route::get('/test-https', function() {
    return [
        'scheme' => request()->getScheme(),
        'secure' => request()->secure(),
        'url' => url()->current(),
    ];
});

Jika mixed content (CSS/JS masih HTTP):

Update di .env:

ASSET_URL=https://yourdomain.com

Atau force HTTPS di app/Providers/AppServiceProvider.php:

public function boot()
{
    if ($this->app->environment('production')) {
        \URL::forceScheme('https');
    }
}

Ganti yourdomain.com dengan domain Anda yang sebenarnya, lalu test. Kalau ada error, kasih tahu saya!

Nginx: Konfigurasi Redirect HTTP ke HTTPS untuk VPS Lokal & Proxy

Konfigurasi Nginx di VPS Lokal

Konfigurasi Nginx di VPS Proxy (10.122.25.227)

Update .env di Laravel

Update TrustProxies Middleware

Clear Cache Laravel

Generate SSL dengan Certbot

Testing

Troubleshooting

Jika masih HTTP setelah akses:

Jika mixed content (CSS/JS masih HTTP):

Bagikan Artikel

Artikel Terkait

Perang Asimetris Iran: Strategi Cerdas Hadapi Dominasi Militer AS & Israel

Kristen Zionisme: Pengaruh Ideologi Agama AS pada Konflik Timur Tengah & Iran

Pergeseran Ekonomi AS: Dari Manufaktur ke Finansial Spekulatif dan Dampaknya pada Kekaisaran Global