2014-04-01 113 views
3

Nginx: redirect non-www to www on HTTPS

Nginx does not redirect non-www to www when I am on https:

https://domain.com to https://www.domain.com

My current setup in the .conf is:

server { 
    listen 80; 
    server_name www.domain.com domain.com; 
    return 301 https://www.domain.com$request_uri; 
} 
server { 
    listen 443; 
    server_name domain.com; 
    return 301 https://www.domain.com$request_uri; 
} 
server { 
    listen IP_ADDRESS:443 ssl; 
    server_name www.domain.com; 
    ... 
} 

http://domain.com to https://www.domain.com and http://www.domain to https://www.domain.com work, but non-www to www on HTTPS does not work.

If I add IP_ADDRESS to the second server block, I get an error in Chrome (SSL error), and both (www and non-www) stop working.

UPDATE:

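Thanks to Steffen (answer below), I updated the self-signed certificate to be for *.domain.com instead of domain.com.

The .conf file was updated to the following: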

ssl_certificate /etc/nginx/ssl/server.crt; 
ssl_certificate_key /etc/nginx/ssl/server.key; 

server { 
    listen 80; 
    server_name www.domain.com domain.com; 
    return 301 https://www.domain.com$request_uri; 
} 
server { 
    listen 443 ssl; 
    server_name domain.com; 
    return 301 https://www.domain.com$request_uri; 
} 
server { 
    listen 443 ssl; 
    server_name www.domain.com; 
    ... 
} 
+1

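Also make sure your server blocks, or a higher level, have the SSL certificate lines, so that people can actually connect before being redirected. – troseman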
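Added example (not part of the original question or comment): the TLS handshake for https://domain.com completes before nginx can send the 301, so the certificate served has to be valid for the bare domain as well as for www. The sketch applies RFC 6125-style wildcard matching to constructed certificate data; the function names and the `CERT_*` dicts are assumptions for illustration.

```python
# Added example: which hostnames a certificate's SAN list covers.
# CERT_* dicts are constructed, shaped like ssl.SSLSocket.getpeercert() output.

CERT_WILDCARD = {"subjectAltName": (("DNS", "*.domain.com"),)}
CERT_BOTH = {"subjectAltName": (("DNS", "domain.com"), ("DNS", "*.domain.com"))}

# Every name a client may type before nginx gets a chance to send the 301.
REDIRECT_HOSTS = ["domain.com", "www.domain.com"]


def san_matches(pattern, hostname):
    """RFC 6125-style match: "*" stands for exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = hostname.lower().rstrip(".").split(".")
    if len(p) != len(h) or "" in h:
        return False  # a wildcard never spans zero labels or several labels
    if p[0] == "*":
        # Simplification: reject wildcards directly under a top-level label.
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def dns_sans(cert):
    """Extract dNSName entries from a getpeercert()-style dict."""
    return [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]


def uncovered(cert, hostnames):
    """Hostnames for which name validation would fail during the handshake."""
    sans = dns_sans(cert)
    return [h for h in hostnames if not any(san_matches(s, h) for s in sans)]


if __name__ == "__main__":
    for label, cert in (("wildcard only", CERT_WILDCARD),
                        ("apex + wildcard", CERT_BOTH)):
        print(label, "-> not covered:", uncovered(cert, REDIRECT_HOSTS))
```

A certificate whose only name is `*.domain.com` leaves `domain.com` uncovered; listing both names as SAN entries covers the redirect source and its target.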

Answers

7

I had a similar kind of scenario, and this is how I solved the redirect from

https://domain.com ----->https://www.domain.com

server {
    listen 443;
    server_name domain.com;
    if ($host = domain.com) {
        rewrite ^(.*) https://www.domain.com:443$request_uri? permanent;
    }
}

Hope this helps!

Using if condition in nginx

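Directive if has problems when used in location context; in some cases it doesn't do what you expect but something completely different instead. In some cases it even segfaults. It's generally a good idea to avoid it if possible. The only 100% safe things which may be done inside if in location context are: return ...; rewrite ... last;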

0

This is a more elegant solution that I use. You need one server block for the actual website, and one server block for redirecting from non-www/non-https to https://www.*.

server { 
    listen IP_ADDRESS:443 ssl; 
    server_name www.domain.com; 
} 
server { 
    # Port 80 carries plain HTTP, so this listener takes no ssl parameter.
    listen IP_ADDRESS:80 default_server;
    listen IP_ADDRESS:443 ssl default_server; 
    return 301 https://www.domain.com$request_uri; 
} 

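The default_server option is very important; otherwise the first server block defined becomes the default for all requests other than www.domain.com that are meant for your redirect. By using default_server, your redirect server block acts as a catch-all.

In my opinion, you should not use "www". You should redirect from www to non-www. www is a legacy thing that is not relevant these days. By redirecting from non-www to www, you are perpetuating this irrelevant legacy.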

5

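In the second server block (the one starting with "listen 443;"), you have to add all the SSL-related directives from the SSL server block (the last one). Here is my example.conf: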

server { 
    listen 80; 
    server_name example.com www.example.com; 
    return 301 https://www.$server_name$request_uri; 
} 

server { 
    listen 443 ssl; 
    server_name example.com; 
    return 301 https://www.$server_name$request_uri; 

    # SSL (enabled by the "ssl" parameter on the listen line; the separate "ssl on;" directive is deprecated)
    ssl_certificate /var/www/example.com/cert/bundle.cer; 
    ssl_certificate_key /var/www/example.com/cert/example.com.key; 

    # Enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated. 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 

    # Intermediate ciphersuite as recommended by Mozilla
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 
    ssl_prefer_server_ciphers on; 
    # Add HSTS (HTTP Strict Transport Security)
    add_header Strict-Transport-Security "max-age=31536000"; 
} 


server { 
    listen 443 ssl; 
    server_name www.example.com; 
    root /var/www/example.com/public; 
    index index.html index.htm index.php; 
    client_max_body_size 32m; 

    access_log /var/www/example.com/access.log; 
    error_log /var/www/example.com/error.log; 

    # SSL (enabled by the "ssl" parameter on the listen line; the separate "ssl on;" directive is deprecated)
    ssl_certificate /var/www/example.com/cert/bundle.cer; 
    ssl_certificate_key /var/www/example.com/cert/example.com.key; 

    # Enables all versions of TLS, but not SSLv2 or 3 which are weak and now deprecated. 
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 

    # Intermediate ciphersuite as recommended by Mozilla
    ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA'; 
    ssl_prefer_server_ciphers on; 
    # Add HSTS (HTTP Strict Transport Security)
    add_header Strict-Transport-Security "max-age=31536000"; 

    # Directives to send expires headers and turn off 404 error logging. 
    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ { 
     #expires max; 
     log_not_found off; 
     access_log off; 
    } 

    location = /favicon.ico { 
     log_not_found off; 
     access_log off; 
    } 

    location = /robots.txt { 
     allow all; 
     log_not_found off; 
     access_log off; 
    } 

    ## Disable viewing .htaccess & .htpassword 
    location ~ /\.ht { 
     deny all; 
    } 

    location ^~ /admin/ { 
       auth_basic "Restricted"; 
       auth_basic_user_file /var/www/example.com/.htpasswd; 
       try_files $uri $uri/ /index.php$is_args$args; 
       location ~ \.php$ { 
         include /etc/nginx/php-inside.conf; 
       } 
     } 

    include /etc/nginx/php.conf; 
} 
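Added example (not the answerer's code): the mismatch this answer addresses, a listener on port 443 that never enables TLS, can be checked mechanically before reloading nginx. The sketch lints the question's first config, embedded as constructed input; `server_blocks` and `lint` are hypothetical helper names, and the parser is a simplification that ignores braces inside strings.

```python
import re

# Constructed input: the question's first config, with the "..." body left out.
QUESTION_CONF = """
server {
    listen 80;
    server_name www.domain.com domain.com;
    return 301 https://www.domain.com$request_uri;
}
server {
    listen 443;
    server_name domain.com;
    return 301 https://www.domain.com$request_uri;
}
server {
    listen IP_ADDRESS:443 ssl;
    server_name www.domain.com;
}
"""

def server_blocks(conf):
    """Yield the body of each server { ... } block using a brace-depth scan."""
    conf = re.sub(r"#.*", "", conf)  # drop comments before scanning
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while i < len(conf) and depth:
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def lint(conf):
    """Return (server_name, listen args, problem) for port/TLS mismatches."""
    findings = []
    for body in server_blocks(conf):
        m = re.search(r"\bserver_name\s+([^;]+);", body)
        name = m.group(1).split()[0] if m else "(unnamed)"
        # Legacy "ssl on;" turns TLS on for every listener in the block.
        legacy_tls = re.search(r"\bssl\s+on\s*;", body) is not None
        for listen in re.findall(r"\blisten\s+([^;]+);", body):
            args = listen.split()
            port = args[0].rsplit(":", 1)[-1]
            tls = "ssl" in args[1:] or legacy_tls
            if port == "443" and not tls:
                findings.append((name, listen.strip(), "plain HTTP on 443"))
            elif port == "80" and tls:
                findings.append((name, listen.strip(), "TLS on 80"))
    return findings

if __name__ == "__main__":
    for finding in lint(QUESTION_CONF):
        print(finding)
```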
0

I have used rewrites in the server directives, and it works for me:

General rewrite directive for non-www access to https www

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.$server_name$request_uri;
}

SSL rule directive for non-www to https www

server {
    listen 443 ssl;
    server_name example.com;
    return 301 https://www.$server_name$request_uri;
}