diff --git a/recipes-httpd/nginx/files/nginx.conf b/recipes-httpd/nginx/files/nginx.conf
index 516973c..d788fd2 100644
--- a/recipes-httpd/nginx/files/nginx.conf
+++ b/recipes-httpd/nginx/files/nginx.conf
@@ -42,8 +42,16 @@
     client_header_buffer_size 1k;
     large_client_header_buffers 4 8k;
 
+    # redirect all http traffic to https
     server {
-        listen       8081 ssl;
+        listen 80 default_server;
+        listen [::]:80 default_server;
+        server_name _;
+        return 301 https://$host$request_uri;
+    }
+
+    server {
+        listen       443 ssl;
         server_name  127.0.0.1;
 
         ssl                  on;
@@ -61,7 +69,7 @@
                 # is not listening on. This generates an error msg to
                 # the journal. Nginx then uses the 127.0.0.1 and everything
                 # works fine but want to avoid the error msg to the log.
-                proxy_pass https://127.0.0.1:443/;
+                proxy_pass http://127.0.0.1:8081/;
         }
         location ~ (/org/openbmc/control/flash/bmc/action/update|/upload/image|/download/dump) {
                  # Marked as 32MB to allow for firmware image updating and dump
@@ -71,7 +79,7 @@
                  # Only 1 connection at a time here from an IP
                  limit_conn addr 1;
 
-                 proxy_pass https://127.0.0.1:443;
+                 proxy_pass http://127.0.0.1:8081;
         }
 
         include /etc/nginx/sites-enabled/443_*.conf;