diff --git a/letsencrypt-nginx/letsencrypt_nginx/configurator.py b/letsencrypt-nginx/letsencrypt_nginx/configurator.py
index d97cf7397..29445a9d4 100644
--- a/letsencrypt-nginx/letsencrypt_nginx/configurator.py
+++ b/letsencrypt-nginx/letsencrypt_nginx/configurator.py
@@ -93,7 +93,7 @@ class NginxConfigurator(common.Plugin):
         # These will be set in the prepare function
         self.parser = None
         self.version = version
-        self._enhance_func = {}  # TODO: Support at least redirects
+        self._enhance_func = {"redirect": self._enable_redirect}
 
         # Set up reverter
         self.reverter = reverter.Reverter(self.config)
@@ -344,7 +344,7 @@ class NginxConfigurator(common.Plugin):
     ##################################
     def supported_enhancements(self):  # pylint: disable=no-self-use
         """Returns currently supported enhancements."""
-        return []
+        return ['redirect']
 
     def enhance(self, domain, enhancement, options=None):
         """Enhance configuration.
@@ -366,6 +366,26 @@ class NginxConfigurator(common.Plugin):
         except errors.PluginError:
             logger.warn("Failed %s for %s", enhancement, domain)
 
+    def _enable_redirect(self, vhost, unused_options):
+        """Redirect all equivalent HTTP traffic to ssl_vhost.
+
+        Add rewrite directive to non https traffic
+
+        .. note:: This function saves the configuration
+
+        :param vhost: Destination of traffic, an ssl enabled vhost
+        :type vhost: :class:`~letsencrypt_nginx.obj.VirtualHost`
+
+        :param unused_options: Not currently used
+        :type unused_options: Not Available
+        """
+        redirect_block = [[['if', '($scheme != "https")'],
+            [['return', '301 https://$host$request_uri']]
+        ]]
+        self.parser.add_server_directives(vhost.filep, vhost.names,
+            redirect_block)
+        logger.info("Redirecting all traffic to ssl in %s", vhost.filep)
+
     ######################################
     # Nginx server management (IInstaller)
     ######################################
diff --git a/letsencrypt-nginx/letsencrypt_nginx/parser.py b/letsencrypt-nginx/letsencrypt_nginx/parser.py
index 93cda2c41..705257c16 100644
--- a/letsencrypt-nginx/letsencrypt_nginx/parser.py
+++ b/letsencrypt-nginx/letsencrypt_nginx/parser.py
@@ -413,7 +413,7 @@ def _regex_match(target_name, name):
             return True
         else:
             return False
-    except re.error:
+    except re.error: # pragma: no cover
         # perl-compatible regexes are sometimes not recognized by python
         return False
 
diff --git a/letsencrypt-nginx/letsencrypt_nginx/tests/configurator_test.py b/letsencrypt-nginx/letsencrypt_nginx/tests/configurator_test.py
index 913c5de27..ff720ea85 100644
--- a/letsencrypt-nginx/letsencrypt_nginx/tests/configurator_test.py
+++ b/letsencrypt-nginx/letsencrypt_nginx/tests/configurator_test.py
@@ -51,11 +51,11 @@ class NginxConfiguratorTest(util.NginxTest):
              "example.*", "www.example.org", "myhost"]))
 
     def test_supported_enhancements(self):
-        self.assertEqual([], self.config.supported_enhancements())
+        self.assertEqual(['redirect'], self.config.supported_enhancements())
 
     def test_enhance(self):
         self.assertRaises(
-            errors.PluginError, self.config.enhance, 'myhost', 'redirect')
+            errors.PluginError, self.config.enhance, 'myhost', 'unknown_enhancement')
 
     def test_get_chall_pref(self):
         self.assertEqual([challenges.TLSSNI01],