Redirect HTTP to HTTPS (Middleware redirect vs Nginx)

Question

I want to ask about HTTP-to-HTTPS redirections. As we know WWW-to-none-WWW redirections happen by redirecting from the web server side. But when it comes to the https redirection, it can be done by both ways, server-side ( Nginx etc... ) and application-side ( Middleware ). I want to know:

1. Which of the ways are effective and have more performance.
2. The pros and cons of each way considering multiple top-level domains and sub-domain domains on the same server.

Thank you.

Reference:

1. Redirect WWW to non-WWW in Laravel - Stack overflow
2. Redirect HTTP to HTTPS in Laravel - Stack overflow
3. HTTP Request To HTTPS on nginx - nixCraft

Answer 1

Server-based redirection here should be more performant because it happens before any application code gets loaded.

Personally, I always do this in the nginx server{} block for all sites. I create a conf file for a domain and have 2 server{} blocks, a main one listening on 443 for HTTPS traffic, and a small one that just recognises the (sub)domain and does a redirect to the HTTPS protocol.

Here's an example redirect server{} block I have for a particular subdomain:

server {
    server_tokens off;
    listen 80;
    server_name sub.domain.com;
    return 301 https://sub.domain.com$request_uri;
}

As for pros cons for server-based, the obvious ones I would say are:

Pros

• Performance
• Simplicity

Cons

• root access required (for nginx at least, Apache you could do it in a .htaccess file, but this in itself has performance costs)
• Can't change things on the fly so easily (flexibility?)