Как перенаправить www на не-www используя certbot для HTTPS & nginx - PullRequest
0 голосов
/ 15 апреля 2019

Я пытаюсь перенаправить www на не-www, но это не работает.Я пробовал разные ответы на похожие вопросы, но они не сработали.

У меня есть SSL-сертификат с использованием certbot для 3 доменов example.com, www.example.com и admin.example.com.

Это мой текущий конфиг, который работает для не-www и admin, однако www.example.com не работает.

# HTTP - redirect all requests to HTTPS
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

# Redirect to non-www
server {
    server_name www.example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    return 301 https://example.com$request_uri;
}

# non-www
server {

    server_name example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# CMS
server {

    server_name admin.example.com;

    location / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

Я использую DigitalOcean, где администратор и не-www указывают на мою капельку, а www.example.com имеет запись CNAME для example.com (не-www).

1 Ответ

0 голосов
/ 15 апреля 2019

Во-первых, www.example.com и example.com должны быть в одном блоке сервера.

Во-вторых, вам нужно добавить это в ваш #non-www блог по настройке сервера

if ($host = 'www.example.com') {
        return 301 https://example.com$request_uri;
}

В-третьих, чтобы перенаправить все запросы в HTTPS, server_name должен быть добавлен в ваш блок # HTTP - redirect all requests to HTTPS.

Наконец, ваш файл конфигурации NGINX будет выглядеть так

# HTTP - redirect all requests to HTTPS
server {
    server_name example.com www.example.com admin.example.com;
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

# non-www
server {

    server_name example.com www.example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    if ($host = 'www.example.com') {
        return 301 https://example.com$request_uri;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# CMS
server {

    server_name admin.example.com;

    location / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

ОднаждыВы обновляете файл конфигурации NGINX, перезапустите NGINX:

$ sudo systemctl restart nginx
...