NGINX 从非 www 重定向到 www 不起作用

NGINX 从非 www 重定向到 www 不起作用

我有这种情况:

我有 EV SSL,它的俗称是美国广播公司

www.example.com包含在 SAN 中,但不包含在示例.com

这是我的虚拟主机配置:

server {
  listen 80;
  server_name example.com;
  return 301 https://www.example.com$request_uri;
}

server {
  listen 443 ssl http2 default_server;
  ssl_certificate /etc/ssl/example/combined.crt;
  ssl_certificate_key /etc/ssl/example/example.key;
  root /var/www/example;

  include snippets/ssl-params.conf;
  add_header X-Frame-Options SAMEORIGIN;

  location ~* \.(eot|ttf|woff)$ {
    add_header Access-Control-Allow-Origin *;
  }

  location / {
    index index.html index.php;
    try_files $uri $uri/ @handler;
    expires 30d; ## Assume all files are cachable
  }

  ## These locations would be hidden by .htaccess normally
  location ^~ /app/                { deny all; }
  location ^~ /includes/           { deny all; }
  location ^~ /lib/                { deny all; }
  location ^~ /media/downloadable/ { deny all; }
  location ^~ /pkginfo/            { deny all; }
  location ^~ /report/config.xml   { deny all; }
  location ^~ /var/                { deny all; }

  location /var/export/ { ## Allow admins only to view export folder
    auth_basic           "Restricted"; ## Message shown in login window
    auth_basic_user_file /root/htpasswd; ## See /etc/nginx/htpassword
    autoindex            on;
  }

  location  /. { ## Disable .htaccess and other hidden files
    return 404;
  }

  location @handler { ## Magento uses a common front handler
    rewrite / /index.php;
  }

  location ~ .php/ {
    rewrite ^(.*.php)/ $1 last;
  }

  location ~ .php$ { ## Execute PHP scripts
    if (!-e $request_filename) { rewrite / /index.php last; }
      #fastcgi_param MAGE_IS_DEVELOPER_MODE on;
      expires        off; ## Do not cache dynamic content
      fastcgi_pass unix:/run/php/php7.0-fpm.sock;
      fastcgi_param  HTTPS $fastcgi_https;
      fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
      fastcgi_param  MAGE_RUN_CODE default;
      fastcgi_param  MAGE_RUN_TYPE store;
      include        fastcgi_params; ## See /etc/nginx/fastcgi_params
  }
}

我的问题是,我似乎无法让它重定向http://example.comhttps://www.example.com

注意:当我在 SSL 检查器上尝试 example.com 时,它说

主机名 (example.com) 与证书中的通用名称 (abc.com) 不匹配。此证书目前对此主机无效。

答案1

当前您的配置的重定向方案是:

  1. http://example.com->https://www.example.com/
  2. http://www.example.com->https://www.example.com/

但是您的配置的第二部分似乎只是捕获所有 https 连接?

以下是我的做法:

// this one is already correct.
// 1. http://example.com -> https://www.example.com/
// 2. http://www.example.com -> https://www.example.com/
server {
  listen 80;
  server_name example.com www.example.com;
  return 301 https://www.example.com$request_uri;
}

// redirect https non-www to www
// 3. https://example.com -> https://www.example.com
server {
  listen 443 ssl;
  server_name example.com;
  // IMPORTANT: SSL configs here, then
  // REDIRECT IN PLACE OF VHOST CONFIGS
  return 301 https://www.example.com$request_uri;
}

// 4. Serve explicit vhost https://www.example.com
server {
  listen 443 ssl;
  server_name www.example.com
  // IMPORTANT: SSL configs here
  // VHOST CONFIG HERE e.g: 
  location / {

  }
}

// Finally, all other unnamed requests should go to a 404.
server {
  listen 80 443 default;
  server_name _;
  return 404;
}

还有您的评论:

主机名 (example.com) 与证书中的通用名称 (abc.com) 不匹配。此证书目前对此主机无效。

这意味着您正在从证书 SAN 中未包含的虚拟主机重定向/提供服务。如果您在 SSL 连接下从一个域重定向到另一个域,则证书中需要同时包含顶点域和 www 子域。

答案2

server {
    listen 80;
    server_name example.com;
    return 301 $scheme://www.example.com$request_uri;
}

server {
    listen 80
    server_name www.example.com;
    <<< your vhost config>>>>>

     listen:443
     <<<< your ssl config >>>>>
}

我就是这样做的。

答案3

那么您可以使用 https:// 而不是 $scheme。

server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443
    server_name www.example.com;

     <<<< your ssl config >>>>>

相关内容