NGINX:重定向到非 www 地址

NGINX:重定向到非 www 地址

我正在尝试使用 NGINX 配置我的网站。我有点力不从心,并尝试了所有能找到的相关解决方案,所以非常感谢您的耐心 :)

我希望所有 http 流量都重定向到 https,并且到我网站的 www 子域和我的服务器 ip 地址(就我们的目的而言为 123.123.123.123)的连接应重定向到 mywebsite.com。我的服务器配置如下,它满足所有这些条件,但 www 重定向除外,这会给我一个 NGINX 404 页面。我不明白的是,ip 地址和 www 子域的处理对我来说似乎相同 - 问题是否出在其他地方,例如 DNS 或 SSL 证书?谢谢。

/etc/nginx/sites-available/mywebsite

server {
        listen 80 ;
        server_name www.mywebsite.com mywebsite.com 123.123.123.123 ;
        return 301 https://mywebsite.com$request_uri ;
}
server {
        server_name www.mywebsite.com ;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    return 301 https://mywebsite.com$request_uri ;


}
server {
        server_name 123.123.123.123;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    return 301 https://mywebsite.com$request_uri ;


}
server {
        server_name mywebsite.com ;
        root /var/www/mywebsite ;
        index index.html index.htm index.nginx-debian.html ;
        location / {
                try_files $uri $uri/ =404 ;
        }
        if ($host != mywebsite.com) {
                return 301 https://mywebsite.com$request_uri;
        } 


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}
root@localhost:~# certbot certificates
Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: mail.mywebsite.com
    Serial Number: ###################################
    Key Type: ECDSA
    Domains: mail.mywebsite.com
    Expiry Date: 2023-12-09 16:27:55+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/mail.mywebsite.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mail.mywebsite.com/privkey.pem
  Certificate Name: mywebsite.com
    Serial Number: ###################################
    Key Type: ECDSA
    Domains: mywebsite.com mail.mywebsite.com www.mywebsite.com
    Expiry Date: 2023-12-09 03:09:48+00:00 (VALID: 88 days)
    Certificate Path: /etc/letsencrypt/live/mywebsite.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/mywebsite.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

对于 DNS,我有 mywebsite.com 和 *.mywebsite.com 的 A 和 AAAA 记录,分别指向我服务器的 ipv4 和 ipv6 地址,以及我的邮件子域的 MX 记录和一些 TXT 记录。

A   mywebsite.com   123.123.123.123 600     
A   *.mywebsite.com 123.123.123.123 600     
AAAA    mywebsite.com   1234:1234::1234:1234:1234:1234  600     
AAAA    *.mywebsite.com 1234:1234::1234:1234:1234:1234  600     
MX  mywebsite.com   mail.mywebsite.com  600 10  
TXT _dmarc.mywebsite.com    v=DMARC1; p=reject; rua=mailto:[email protected]; fo=1    600     
TXT mywebsite.com   v=spf1 mx a:mail.mywebsite.com -all 600     
TXT mail._domainkey.mywebsite.com   v=DKIM1; h=sha256; k=rsa; p=#####################################   600 

答案1

(这主要是评论,但空间有限)

我希望所有 http 流量重定向到 https,

好的,看起来很合理。

并且与我网站的 www 子域名和我的服务器 IP 地址(就我们的目的而言是 123.123.123.123)的连接应重定向到 mywebsite.com

为什么?我认为这没什么好处,而且它实际上关闭了服务高可用性的大门。

是的,随便检查一下配置,它应该会按照你的想法运行。但是你为什么要使用不同的服务器块来描述www.mywebsite.com和 123.123.123.123 何时实现相同的行为?(实际上,您可以在单个服务器块中为 3 个 SSL 虚拟主机实现该行为)。同样,您不需要为 mail.mywebsite.com 单独准备证书。

证书问题不太可能导致 404 错误。

DNS 似乎是显而易见需要检查的东西/相反,您可以明确覆盖任何现有的 DNS 并查看实际的 HTTP 标头(例如):

curl -I -k --resolve \*:443:123.123.123 https://www.example.com

相关内容