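I found several other serverfault questions that answer how to rewrite www to non-www in nginx, but with the nginx configuration on my webdock.io server the solutions always seem to cause problems or not work at all. I suspect it has to do with ordering, or with a conflict with something that is already there.
This is the current configuration: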
server {
    root /var/www/html;
    client_max_body_size 256M;
    # Add index.php to the list if you are using PHP
    index index.html index.htm index.php;
    #Which domain names will this vhost respond to
    server_name my-clients-domain.com www.my-clients-domain.com;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    access_log /var/www/logs/access.log;
    error_log /var/www/logs/error.log error;
    error_page 404 /index.php;
    location ~ \.php$ {
        add_header X-Powered-By "Webdock.io";
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php8.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 600;
        fastcgi_send_timeout 600;
        fastcgi_read_timeout 600;
    }
    # Necessary for Let's Encrypt Domain Name ownership validation. Place any other deny rules after this
    location ~ /.well-known {
        allow all;
    }
    # Deny access to .htaccess or .htpasswd files
    location ~ /\.ht {
        deny all;
    }
    # Deny access to any git repository
    location ~ /\.git {
        deny all;
    }
    # Deny access to xmlrpc.php - a common brute force target against Wordpress
    location = /xmlrpc.php {
        deny all;
        access_log off;
        log_not_found off;
        return 444;
    }
    # Webdock: Do not delete the following End Of File marker if editing this file by hand
    #EOWDSLBLK
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my-clients-domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my-clients-domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = www.my-clients-domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = my-clients-domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name my-clients-domain.com www.my-clients-domain.com;
    return 404; # managed by Certbot
}
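I want everything at https://www.my-clients-domain.com
rewritten to https://my-clients-domain.com
I tried adding the following server block at various places in the configuration file, but each time it did not work as expected.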
server {
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    server_name www.my-clients-domain.com;
    return 301 https://my-clients-domain.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/my-clients-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-clients-domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
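If I enter https://www.my-clients-domain.com, the "www" still remains in the URL. Am I doing this wrong?
Answer 1
Please note that a 301 is permanent and should be cached by browsers. When testing configuration changes: after reloading your nginx configuration, test from a new private/incognito browser window.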
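"I want everything at https://www.my-clients-domain.com rewritten to https://my-clients-domain.com"
Then I would first make sure that when you redirect from plain HTTP to HTTPS, your visitors are immediately redirected to https://my-clients-domain.com, rather than first being redirected from http://www.my-clients-domain.com to https://www.my-clients-domain.com and then being redirected yet again to https://my-clients-domain.com.
Rather than using a redirect with the $host parameter, use the desired domain and be concise: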
server {
    listen 80;
    server_name my-clients-domain.com www.my-clients-domain.com;
    return 301 https://my-clients-domain.com$request_uri;
}
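Your SSL server block already looks fine.
I would expect a second block for the bare domain that contains your web content (assuming the certificate in /etc/letsencrypt/live/my-clients-domain.com/ is also valid for www.my-clients-domain.com):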
server {
    # ipv6only=on may be given only once per address:port pair across all
    # server blocks (nginx refuses to load duplicates), so it is set only
    # in the block below
    listen [::]:443 ssl;
    listen 443 ssl;
    server_name www.my-clients-domain.com;
    # Redirect www to the bare domain, keeping path and query string
    return 301 https://my-clients-domain.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/my-clients-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-clients-domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    server_name my-clients-domain.com;
    root /var/www/default/htdocs;
    ssl_certificate /etc/letsencrypt/live/my-clients-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-clients-domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
Or, a bit more concisely:
server {
    listen [::]:443 ssl ipv6only=on;
    listen 443 ssl;
    server_name my-clients-domain.com www.my-clients-domain.com;
    root /var/www/default/htdocs;
    if ($host = www.my-clients-domain.com) {
        return 301 https://my-clients-domain.com$request_uri;
    }
    ssl_certificate /etc/letsencrypt/live/my-clients-domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my-clients-domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
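Added example (not part of the answer above): a small Python check that follows redirects one hop at a time, with no browser cache involved, and reports whether an entry URL reaches the bare domain in at most one redirect. The function names, the `/a` test path and the two constructed response tables are assumptions made for this illustration.

```python
import http.client
from urllib.parse import urlsplit, urljoin

CANONICAL = "https://my-clients-domain.com"  # bare domain from the question
REDIRECTS = (301, 302, 303, 307, 308)

def fetch_location(url):
    """One HEAD request; returns (status, Location header). Never follows redirects."""
    parts = urlsplit(url)
    cls = http.client.HTTPSConnection if parts.scheme == "https" else http.client.HTTPConnection
    conn = cls(parts.netloc, timeout=10)
    try:
        target = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        conn.request("HEAD", target)
        resp = conn.getresponse()
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()

def trace(url, fetch=fetch_location, max_hops=5):
    """Return every URL visited, starting with `url` itself."""
    chain = [url]
    for _ in range(max_hops):
        status, location = fetch(chain[-1])
        if status not in REDIRECTS or not location:
            break
        chain.append(urljoin(chain[-1], location))  # tolerate relative Location values
    return chain

def check(start, fetch=fetch_location):
    """True when `start` ends on the canonical origin after at most one redirect."""
    chain = trace(start, fetch)
    return len(chain) <= 2 and chain[-1].startswith(CANONICAL + "/")

# Constructed responses: port 80 redirects to https://$host, then the www
# block redirects again (two hops, as described in the answer).
def fake_host_redirect(url):
    table = {
        "http://www.my-clients-domain.com/a": (301, "https://www.my-clients-domain.com/a"),
        "https://www.my-clients-domain.com/a": (301, "https://my-clients-domain.com/a"),
    }
    return table.get(url, (200, None))

# Constructed responses: port 80 redirects straight to the bare HTTPS domain.
def fake_direct_redirect(url):
    table = {
        "http://www.my-clients-domain.com/a": (301, "https://my-clients-domain.com/a"),
        "https://www.my-clients-domain.com/a": (301, "https://my-clients-domain.com/a"),
    }
    return table.get(url, (200, None))
```

Against a live server, call `check()` without the `fetch` argument for each of the four entry URLs (http and https, with and without www) after every nginx reload.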