Are my NGINX server blocks set up improperly (HTTPS 301's and assets not being cached in browsers)?

Question

I inherited a server and there are a couple of issues that I have diagnosed and that certain page speed performance tests are flagging.

1) In the server block certain requests are being redirected to https://25parkrow.com. For example, if you just type in wwww.25parkrow.com or 25parkrow.com a redirect occurs. But if you type in https://25parkrow.com there is no redirect. As you can see the redirects are happening in the included server blocks. Is this an acceptable practice? If not, how do I avoid these redirects?

2) I am having issues with setting the expire headers on my static assets. If I update the files on the server and reload the nginx server, browsers are not seeing the updated assets.

I read through this post: Setting expires headers for static content served from nginx. However it confused me because I am not sure where to place the cache header in the below server blocks.

nginx.conf:

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 6;
    gzip_buffers 16 8k;
    gzip_http_version 1.1;
    gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

/etc/nginx/sites-enabled/active (only one file active):

server {
  add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

  root /var/www/html;

  # Add index.php to the list if you are using PHP
  index index.html index.htm index.nginx-debian.html;

  server_name 25parkrow.com www.25parkrow.com;

  # Any route that doesn't have a file extension (e.g. /devices)
  location / {
    try_files $uri $uri/ /index.html;
  }

  if ($host = www.25parkrow.com) {
    rewrite ^(.*) https://25parkrow.com$request_uri;
  }

  listen 443 ssl; # managed by Certbot
  ssl_certificate /etc/letsencrypt/live/25parkrow.com/fullchain.pem; # managed by Certbot
  ssl_certificate_key /etc/letsencrypt/live/25parkrow.com/privkey.pem; # managed by Certbot
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
  listen 80 default_server;
  server_name 25parkrow.com www.25parkrow.com;

  if ($host = www.25parkrow.com) {
      return 301 https://$host$request_uri;
  } # managed by Certbot


  if ($host = 25parkrow.com) {
      return 301 https://$host$request_uri;
  } # managed by Certbot

  return 404; # managed by Certbot
}

Answer 1

1. It is expected, when installing LetsEncrypt certificate, you chose to redirect http to https. You can comment the redirection in your nginx config file to disable this.

2. In your existing nginx configuration, http is redirected to https. So, make sure you configure the 'expire headers' in your https server block.