当前状态如下:
- http://example.com到https://www.example.com作品
- http://www.example.com到https://www.example.com作品
- https://example.com到https://www.example.com不重定向 - 仅解析为https://example.com
尝试了多个配置,结果仍然相同。不确定这是否是配置字段中元素的顺序问题,还是我完全配置错误。
配置文件:
server {
server_name www.example.com example.com 123.123.123.123;
root /var/www/wdiu-new/web;
location / {
# try to serve file directly, fallback to app.php
try_files $uri /app.php$is_args$args;
}
# DEV
# This rule should only be placed on your development environment
# In production, don't include this and don't deploy app_dev.php or config.php
location ~ ^/(app_dev|config)\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
}
# PROD
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
# When you are using symlinks to link the document root to the
# current version of your application, you should pass the real
# application path instead of the path to the symlink to PHP
# FPM.
# Otherwise, PHP's OPcache may not properly detect changes to
# your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
# for more information).
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
# Prevents URIs that include the front controller. This will 404:
# http://domain.tld/app.php/some-path
# Remove the internal directive to allow URIs like this
internal;
}
# return 404 for all other php files not matching the front controller
# this prevents access to other php files you don't want to be accessible.
location ~ \.php$ {
return 404;
}
error_log /var/log/nginx/project_error.log;
access_log /var/log/nginx/project_access.log;
# managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/new.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/new.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/new.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/new.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
return 301 https://www.example.com$request_uri;
}
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.example.com 123.123.123.123;
listen 80;
return 404; # managed by Certbot
}
答案1
server {
server_name www.example.com example.com 123.123.123.123;
您的第一个服务器块正在处理 HTTPS 请求example.com。
您应该删除该主机名,以便请求能够example.com传递到包含重定向的以下服务器块。
(事实上,也删除 IP 并将其移动到重定向主机,尽管如果您实际尝试使用,您可能会收到浏览器 SSL 警告https://<ip>)
答案2
我想你希望这个区块
server { listen 80; server_name example.com; return 301 https://www.example.com$request_uri; }
重定向https://example.com到https://www.example.com
但它不起作用,因为它只监听端口 80。
无论如何,您的服务器 {} 块中确实存在大量冗余。我建议您更好地组织这些冗余,否则您将继续遇到麻烦。