我正在使用 nginx 反向代理和 gunicorn 应用服务器开发 Django 应用。作为一名新手 Web 开发人员,我需要帮助将www流量重定向到no wwwWeb 服务器级别。我目前正在应用内的中间件级别执行相同操作,但需要提高性能。
目前我的nginx虚拟主机文件布局如下:
proxy_cache_path /var/cache/nginx levels=1:2 keys_zone=my_cache:10m max_size=100m inactive=6m;
upstream my_server {
server unix:/home/myuser/myproject/myfolder/myproject.sock fail_timeout=0;
}
server {
listen 80;
server_name example.com www.example.com;
# a bunch of 'location' blocks e.g. 'location /' or 'location @http_proxy_to_app', etc.
}
server {
listen 443 ssl;
server_name example.com www.example.com;
# SSL related stuff
# a bunch of 'location' blocks e.g. 'location /' or 'location @http_proxy_to_app', etc.
}
我将如何重定向从 www 到无 www在这种情况下?我见过的大多数例子都解释说我需要server在顶部添加一个专用块,如下所示:
server {
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
}
其他建议是在我的服务器块(内部location /)中包含类似以下内容。我不确定这是否与反向代理相关代码兼容:
if ($host ~* ^www\.(.*)$) {
rewrite / $scheme://$1 permanent;
}
作为一个新手,我想根据我的 nginx 文件当前的布局来确认应该使用哪种做法(以及为什么),因此提出了这个问题。
这是我的实际配置:
server {
server_name example.com;
listen 443 ssl;
#ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate /etc/nginx/ssl/cert_chain.crt;
#ssl_certificate_key /etc/ssl/myserver.key;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
#ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
#ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_session_cache shared:SSL:1250m;
ssl_session_timeout 180m;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
#ssl_trusted_certificate /etc/ssl/COMODO_DV_SHA-2_under_SHA-2root.crt;
ssl_trusted_certificate /etc/nginx/ssl/example_com.ca-bundle;
# write error log file for https errors:
error_log /var/log/nginx/https-error_log warn;
location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { root /home/myuser/myproj/myapp; expires 24h; add_header Vary Accept-Encoding; access_log off; }
.... more config to follow ...
}
答案1
Web 服务器处理的首选设置http://example.com,https://example.com,http://www.example.com和https://www.example.comexample.com当首选域和 https时,如下所示:
server {
server_name example.com www.example.com;
listen 80;
return 301 https://example.com$request_uri;
}
server {
server_name www.example.com;
listen 443 ssl;
return 301 https://example.com$request_uri;
}
server {
server_name example.com;
listen 443 ssl;
... actual server configuration ...
}
在此设置中,只有一个实际 URLhttps://example.com可用于访问网站内容,这有利于建立索引。在当前设置中,所有 URL 都提供相同的网站内容,这会导致 Google 出现重复问题。
为重定向定义单独的虚拟主机是首选方法,因为评估语句if会导致已经进入正确虚拟主机块的请求重复工作。