我的 nginx 文件无法归档,我不知道是怎么回事。我已成功从 http 重定向到 https。但我无法将 www 重定向到非 www 版本。我做错了什么?
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/sammy/myproject;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/sammy/myproject/myproject.sock;
}
# added for let's encrypt
location /.well-known/ {
root /home/sammy/myproject;
allow all;
}
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/myproject/myproject;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/sammy/myproject/myproject.sock;
}
# added for let's encrypt
location /.well-known/ {
root /home/sammy/myproject;
allow all;
}
}
我尝试了这个额外的块:
server {
listen 80;
server_name www.example.com;
return 301 https://$server_name$request_uri;
...
}
但这似乎不起作用。我想也许我应该将其更改为监听 443,但不确定这会如何影响 ssl 服务器块和 default_server 指令?
答案1
指$server_name的是您在虚拟主机块中定义的服务器名称。因此,您的附加块会导致重定向循环重定向回其自身。
您必须在那里使用文字域名而不是变量。
对于带有的 SSL 域www,您必须添加listen 443 ssl;到块和证书值。
因此,这应该是你的第三个区块:
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
...
}
答案2
以下是我从 http 到 https 的转发方法。关键部分是底部的三个服务器块。
server {
server_name www.example.com;
listen 443 ssl http2;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# This is a cache for SSL connections
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 60m;
root /var/www/***rootdir;
# First line is a cached access log, second logs immediately
access_log /var/log/nginx/mrwild.access.log main buffer=32k flush=1m if=$log_ua;
# access_log /var/log/nginx/mrwild.access.log main;
# Default location to serve
location / {
log_not_found off;
# This is a static site, so set the cache control headers to allow caching
# for a day
add_header Cache-Control "public";
expires 1d;
valid_referers none blocked server_names ~($host) ~(googleusercontent|google|bing|yahoo);
if ($invalid_referer) {
rewrite (.*) /stop-stealing-images.png redirect;
}
}
# Let the hotlink detection image be hotlinked
# *** Find yourself a suitable graphic
location = /stop-stealing-images.png {
add_header Cache-Control "public"; expires 4h;
}
# Don't log robots errors but log access
location = /robots.txt {
allow all; log_not_found off;
}
location ~ /favicon.ico {
access_log off; log_not_found off;
}
# This is for issuing certificates
location /.well-known/acme-challenge/ {
root /var/www/acme-challenge/;
}
}
# This server simply redirects the requested to the https version of the page
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
access_log /var/log/nginx/mrwild.access.log main buffer=32k flush=1m if=$log_ua;
return 301 https://www.example.com$request_uri;
}