
Installing an SSL certificate is only half the job. Without an explicit redirect, visitors who type your domain without https:// or follow an old http:// link land on the unencrypted version of your site. Browsers mark HTTP pages as "Not Secure", which hurts trust and conversion. Google also ranks HTTPS pages higher as a confirmed ranking signal.
The redirect must be a 301 (permanent) response, not a 302 (temporary). A 301 tells search engines to transfer all SEO equity from the HTTP URL to the HTTPS URL. A 302 does not — search engines may continue indexing the HTTP version and split page authority between the two URLs.
The cleanest approach uses a dedicated server block for port 80 that does nothing except redirect all traffic to the HTTPS equivalent. The $host variable preserves the requested hostname (works for both www and non-www), and $request_uri preserves the full path including query strings.
Use return 301 instead of rewrite ^ https://... permanent. The return directive is processed immediately by Nginx without running regex matching — it is faster, cleaner, and less prone to misconfiguration.
Google treats www.example.com and example.com as separate URLs. Serving content on both without a canonical redirect splits PageRank and can cause duplicate content issues. Choose one version as canonical — most modern sites use non-www — and redirect the other.
A 301 redirect is permanent — search engines update their index to point to the new URL, browsers cache the redirect indefinitely, and PageRank transfers fully. A 302 redirect is temporary — search engines keep the original URL in their index and may or may not pass PageRank to the destination.
Use 301 for HTTP-to-HTTPS redirects and www canonicalization — these are permanent decisions. Use 302 only for genuinely temporary redirects, such as redirecting users during maintenance, or A/B testing where you intend to revert. If you accidentally used 302 and now want search engines to re-crawl with 301, they will update gradually but it can take weeks for the cache to expire.
The complete production setup uses three server blocks: one for HTTP redirecting to HTTPS, one for www redirecting to non-www (HTTPS), and one for the canonical HTTPS non-www domain serving actual content.
Test that the redirect works and that there are no redirect loops. A redirect loop happens when your application redirects back to HTTP (common with misconfigured WordPress HTTPS settings), causing an infinite cycle. CloudStick handles SSL configuration and HTTPS redirect automatically — when you enable SSL through the CloudStick dashboard, the correct redirect blocks are added without requiring manual configuration.

