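【Question title】: nginx www shall redirect permanently with 301 under https
【Posted】: 2017-06-02 06:16:14
【Question description】:

I tried to redirect www.example.com to https://example.com by adding the first server block, but it does not redirect. It also has to be a permanent redirect, to avoid SEO problems and security warnings for users.

This is my complete NGINX configuration file: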

<code>
    server {

    listen 80;
    listen 443;
    server_name www.example.com;   
    return 301 $scheme://example.com$request_uri;
    }

    server {       
    listen 80 default_server;

    listen [::]:80 default_server ipv6only=on;       
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /var/www/html;

    index index.php index.html index.htm;
    server_name example.com;

    #Password protects the test subdomain
    ##  auth_basic "Restricted Content";
    ##  auth_basic_user_file /etc/nginx/.htpasswd;


    # Make site accessible from https://example.com/

    server_name example.com;
    include snippets/ssl-example.com.conf;        
    include snippets/ssl-params.conf;        
    location ~ /.well-known {              
    allow all;
        }       
    location / {    
    try_files $uri $uri/ /index.php$is_args$query_string;
    #try_files $uri $uri/ /index.php?q=$request_uri;                
    # First attempt to serve request as file, then               
    # as directory, then fall back to displaying a 404.             
    # try_files $uri $uri/ =404;              
    # Uncomment to enable naxsi on this location            
    # include /etc/nginx/naxsi.rules
    }  
    error_page 500 502 503 504 /50x.html;  
    location = /50x.html {

    root /usr/share/nginx/html;     
    }
    location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {   
    return 404;
    }
    # Mitigate https://httpoxy.org/ vulnerabilities
    fastcgi_param HTTP_PROXY "";
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    include fastcgi_params;
    }      
    location ~ \.php$ {
    #match actual filename with extension or file not found
    #try_files $uri $uri =404;
    include snippets/fastcgi-php.conf;   
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;       
    }

    # deny access to .htaccess files, if Apache's document root   
    # concurs with nginx's one  
    #
    #location ~ /\.ht {
    #       deny all;
    #}

    }
</code>

【Question discussion】:

    Tags: redirect nginx https canonicalization


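    【Solution 1】:

    I finally solved it. By adding www.example.com and example.com to the Let's Encrypt certificate, it suddenly worked.

    I did it with sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d www.example.com,example.com

    So after restarting nginx, the www redirect suddenly worked! I also moved the redirect to the bottom and changed the nginx file as follows: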

    server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    
    include snippets/ssl-www.example.com.conf;
    include snippets/ssl-params.conf;
    
    root /var/www/html;
    index index.php index.html index.htm;
    
    server_name example.com;
    
    #Password protects the test subdomain
    ##  auth_basic "Restricted Content";
    ##  auth_basic_user_file /etc/nginx/.htpasswd;
    
    location ~ /.well-known {
    allow all;
    }
    location / {
    try_files $uri $uri/ /index.php$is_args$query_string;
    # include /etc/nginx/naxsi.rules
    }
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    root /usr/share/nginx/html;
    }
    location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {
    return 404;
    }
    # Mitigate https://httpoxy.org/ vulnerabilities
    fastcgi_param HTTP_PROXY "";
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    include fastcgi_params;
    }
    location ~ \.php$ {
    #match actual filename with extension or file not found
    #try_files $uri $uri =404;
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }
    }
    server {
    listen [::]:80 default_server ipv6only=on;
    listen 80 default_server;
    server_name www.example.com;
    return 301 https://example.com$request_uri;
    }
    

    【Discussion】:

      【Solution 2】:

      At a minimum, your server block is missing the ssl keyword to enable https on port 443, and the certificate definitions.

      server {
          listen 80;
          listen 443 ssl;
          ssl_certificate     ...;
          ssl_certificate_key ...;
      
          server_name www.example.com;   
          return 301 $scheme://example.com$request_uri;
      }
      

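      If you have a single certificate file for both example.com and www.example.com, the ssl_xxx directives can appear in the surrounding block so that both server blocks inherit them. See this document for more information.

      【Discussion】:

      • Let's Encrypt does not seem to support wildcard certificates like *.example.com, so I guess I also have to add a certificate for www.example.com, even though I am only redirecting it.
      • Like this?: server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name www.example.com; include snippets/ssl-www.example.com.conf; include snippets/ssl-params.conf; return 301 $scheme://example.com$request_uri; } server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name example.com;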
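
A consolidated layout for what the two answers describe, as an added example that is not part of the original posts: HTTP on either name and HTTPS on www both end in one 301 to https://example.com. It assumes the snippets/ssl-www.example.com.conf include named in Solution 1 sets ssl_certificate and ssl_certificate_key for a certificate that lists both example.com and www.example.com; the ACME challenge location is an assumption based on the webroot method used above.

```nginx
# Added example, not the posters' configuration.
# Assumption: snippets/ssl-www.example.com.conf points at a certificate
# whose SAN list contains both example.com and www.example.com.

# 1) Plain HTTP, both names: a single hop to the canonical HTTPS origin.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name example.com www.example.com;

    # Keep webroot ACME challenges reachable over HTTP for renewals.
    location ^~ /.well-known/acme-challenge/ {
        root /var/www/html;
    }
    location / {
        return 301 https://example.com$request_uri;
    }
}

# 2) HTTPS on www: the TLS handshake completes before nginx can send the
#    301, so this block needs "ssl" on listen and a certificate valid for
#    www.example.com, otherwise the browser warns before any redirect.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;

    include snippets/ssl-www.example.com.conf;
    include snippets/ssl-params.conf;

    return 301 https://example.com$request_uri;
}

# 3) Canonical site. default_server sits here, not on the redirect block.
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name example.com;

    include snippets/ssl-www.example.com.conf;
    include snippets/ssl-params.conf;

    root /var/www/html;
    index index.php index.html index.htm;
    # location blocks unchanged from the configurations posted above
}
```

Validate with `nginx -t` before reloading; afterwards `curl -I https://www.example.com/` should answer 301 with `Location: https://example.com/`.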