我已经阅读了大部分相关问题,但似乎没有一个对我有用。我肯定做错了什么,所以这就是我所做的。我使用 Ubuntu 和 Nginx 在 DigitalOcean 托管中创建了两个服务器块。我已将所有网站文件上传到 var/www/website-folder。
现在,当我尝试访问该网站时,只有一个链接有效,重定向不起作用。该网站是 yoalfaaz[dot]com
- 在职的:http://www.example.com
- 不工作:http://example.com
- 不工作:https://example.com
- 工作中:https://www.example.com (这个链接正是我想要的网站链接)
我使用的是 Namecheap 的 SSL,当我使用 Hostgator 托管时,它运行良好,因此可以肯定我的设置存在错误。下面是我更改 /etc/nginx/sites-enabled 的文件。
server {
listen 80 ;
listen [::]:80 ;
return 301 https://www.example.com$request_uri;
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
server_name www.example.com example.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/example.com/html;
server_name www.example.com;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /home/name/example.com.chained.crt;
ssl_certificate_key /home/name/example.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#ssl_dhparam /path/to/dhparam.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
}
更新:DNS 查找存在问题,我已修复该问题,现在 301 重定向工作正常(通过 curl -I 检查)。但网站仍然无法加载。
由于什么都不起作用,所以我尝试删除重定向并尝试在没有 SSL 的情况下加载网站,令人惊讶的是,它加载得很好。现在我想这个问题可能是由于 SSL 引起的,因为其他所有问题都已修复(正如社区成员指出的那样)。
答案1
最简单的方法是为根域定义一个 server_name 块,然后return 301 https://www.exanple.com$request_uri;
server { listen 80 ; listen [::]:80 ; server_name example.com; return 301 https://www.example.com$request_uri; }
答案2
尝试复制 443 部分以用于非 www https 版本,并使用 301 重定向到https://www版本。
server {
listen 80 ;
listen [::]:80 ;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/example.com/html;
server_name example.com;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /home/name/example.com.chained.crt;
ssl_certificate_key /home/name/example.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#ssl_dhparam /path/to/dhparam.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
root /var/www/example.com/html;
server_name www.example.com;
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /home/name/example.com.chained.crt;
ssl_certificate_key /home/name/example.com.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
#ssl_dhparam /path/to/dhparam.pem;
# intermediate configuration. tweak to your needs.
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
ssl_prefer_server_ciphers on;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security max-age=15768000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
}
附注:浏览器会长时间缓存 301。请确保在测试时清除 301 缓存,Chrome/FF 开发人员工具有此功能。用于curl -I
测试
答案3
听起来像是 DNS 问题。domain.com 应该是带有服务器 IP 的 A 记录,而 www 应该是 domain.com 的 CNAME
您还提到这在 Host Gator 上有效。您什么时候更新 DNS?DNS 需要 48-72 小时才能完全传播。