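【Posted】: 2020-03-18 07:31:58
【Question】:
I am running a Rails application on Linode. I am using nginx on Ubuntu and have successfully created certificates with certbot for both domains (www and non-www).
sudo certbot certificates gives the following output: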
Saving debug log to /var/log/letsencrypt/letsencrypt.log
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: example.com
Domains: www.example.com
Expiry Date: 2020-02-19 20:17:51+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
Certificate Name: www.example.com
Domains: example.com
Expiry Date: 2020-02-20 07:33:06+00:00 (VALID: 89 days)
Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
Private Key Path: /etc/letsencrypt/live/www.example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Here are the contents of my enabled nginx configuration file:
upstream puma {
    server unix:///home/deploy/apps/example/shared/tmp/sockets/example-puma.sock;
}
server {
    listen 80 default_server deferred;
    # server_name example.com;
    root /home/deploy/apps/example/current/public;
    access_log /home/deploy/apps/example/current/log/nginx.access.log;
    error_log /home/deploy/apps/example/current/log/nginx.error.log info;
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    try_files $uri/index.html $uri @puma;
    location @puma {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://puma;
    }
    error_page 500 502 503 504 /500.html;
    client_max_body_size 10M;
    keepalive_timeout 10;
}
server {
    listen 80;
    # server_name example.com;
    server_name 172.104.228.105;
    return 301 $scheme://example.com$request_uri;
}
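I want to redirect all traffic to https://non-www.com. https://heimlichhamburg.de
Before I added another certificate for the non-www domain, the certificate worked for www. Now I get the errors redirected you too many times and This site can’t provide a secure connection on both the www and non-www domains.
Updated NGINX.CONF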
upstream puma {
    server unix:///home/deploy/apps/wasgehthamburg/shared/tmp/sockets/wasgehthamburg-puma.sock;
}
server {
    listen 80 default_server deferred;
    # server_name example.com;
    root /home/deploy/apps/wasgehthamburg/current/public;
    access_log /home/deploy/apps/wasgehthamburg/current/log/nginx.access.log;
    error_log /home/deploy/apps/wasgehthamburg/current/log/nginx.error.log info;
    location ^~ /assets/ {
        gzip_static on;
        expires max;
        add_header Cache-Control public;
    }
    try_files $uri/index.html $uri @puma;
    location @puma {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://puma;
    }
    error_page 500 502 503 504 /500.html;
    client_max_body_size 10M;
    keepalive_timeout 10;
}
server {
    listen 80;
    # server_name example.com;
    server_name 172.XXX.XXX.105 www.example.org example.org;
    return 301 https://example.org.de$request_uri;
}
server {
    listen 443 ssl http2; #https of www*, 301 to right domain.
    server_name www.heimlichhamburg.de;
    #here the paths to your cert and key
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    return 301 https://example.org$request_uri;
}
server {
    listen 443 ssl http2;
    server_name example.org;
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    #do what you want to do here.
}
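A check that can be run against a setup like the one in the question, as an added example that is not part of the original post: it cross-references each TLS `server` block's `server_name` with the domains certbot lists for the certificate file that block loads. The sample listing and nginx fragment are constructed, the function names are hypothetical, and matching is exact (wildcard names are not handled).

```python
import re

# Constructed sample in the format of the `certbot certificates` listing above.
CERTBOT_OUTPUT = """\
Certificate Name: example.com
  Domains: www.example.com
  Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
Certificate Name: www.example.com
  Domains: example.com
  Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
"""

# Constructed nginx fragment: both TLS blocks load the same certificate.
NGINX_CONF = """\
server {
    listen 443 ssl http2;
    server_name www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    return 301 https://example.com$request_uri;
}
server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
}
"""

def cert_domains(listing):
    """Map each certificate path to the domains certbot lists for it."""
    certs, domains = {}, set()
    for line in listing.splitlines():
        key, _, value = line.strip().partition(": ")
        if key == "Domains":
            domains = set(value.split())
        elif key == "Certificate Path":
            certs[value] = domains
    return certs

def uncovered_names(conf, certs):
    """List (server_name, cert_path) pairs the certificate does not cover."""
    problems = []
    for block in re.findall(r"server\s*\{(.*?)\n\}", conf, re.S):
        names = re.search(r"^\s*server_name\s+([^;]+);", block, re.M)
        cert = re.search(r"^\s*ssl_certificate\s+([^;\s]+)", block, re.M)
        if names and cert:  # skip plain-HTTP blocks
            covered = certs.get(cert.group(1), set())
            problems += [(n, cert.group(1)) for n in names.group(1).split() if n not in covered]
    return problems
```

On real input, pass the text of `sudo certbot certificates` and the enabled site file; any pair returned is a host name that browsers will reject with a certificate name mismatch.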
【Discussion】: