如何使用 nginx 将 www 重定向到 https

如何使用 nginx 将 www 重定向到 https

我已经阅读了大部分相关问题,但似乎没有一个对我有用。我肯定做错了什么,所以这就是我所做的。我使用 Ubuntu 和 Nginx 在 DigitalOcean 托管中创建了两个服务器块。我已将所有网站文件上传到 var/www/website-folder。

现在,当我尝试访问该网站时,只有一个链接有效,重定向不起作用。该网站是 yoalfaaz[dot]com

我使用的是 Namecheap 的 SSL,当我使用 Hostgator 托管时,它运行良好,因此可以肯定我的设置存在错误。下面是我更改 /etc/nginx/sites-enabled 的文件。

server {
        listen 80 ;
        listen [::]:80 ;

         return 301 https://www.example.com$request_uri;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name www.example.com example.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
        location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
        deny all;
        }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/example.com/html;
    server_name www.example.com;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /home/name/example.com.chained.crt;
    ssl_certificate_key /home/name/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    #ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
 # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    resolver 8.8.8.8;

}

更新:DNS 查找存在问题,我已修复该问题,现在 301 重定向工作正常(通过 curl -I 检查)。但网站仍然无法加载。

由于什么都不起作用,所以我尝试删除重定向并尝试在没有 SSL 的情况下加载网站,令人惊讶的是,它加载得很好。现在我想这个问题可能是由于 SSL 引起的,因为其他所有问题都已修复(正如社区成员指出的那样)。

答案1

最简单的方法是为根域定义一个 server_name 块,然后return 301 https://www.exanple.com$request_uri;

server { listen 80 ; listen [::]:80 ; server_name  example.com; return 301 https://www.example.com$request_uri; }

答案2

尝试复制 443 部分以用于非 www https 版本,并使用 301 重定向到https://www版本。

server {
    listen 80 ;
    listen [::]:80 ;
    server_name www.example.com example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/example.com/html;
    server_name example.com;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /home/name/example.com.chained.crt;
    ssl_certificate_key /home/name/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    #ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    resolver 8.8.8.8;

    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/example.com/html;
    server_name www.example.com;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /home/name/example.com.chained.crt;
    ssl_certificate_key /home/name/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    #ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    resolver 8.8.8.8;
}

附注:浏览器会长时间缓存 301。请确保在测试时清除 301 缓存,Chrome/FF 开发人员工具有此功能。用于curl -I测试

答案3

听起来像是 DNS 问题。domain.com 应该是带有服务器 IP 的 A 记录,而 www 应该是 domain.com 的 CNAME

您还提到这在 Host Gator 上有效。您什么时候更新 DNS?DNS 需要 48-72 小时才能完全传播。

相关内容