Meine Nginx-Datei funktioniert nicht und ich bin mir nicht sicher, wie das geht. Ich habe es geschafft, problemlos von http auf https umzuleiten. Aber ich kann nicht erreichen, dass www auf eine Nicht-www-Version umleitet. Was mache ich falsch?
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/sammy/myproject;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/sammy/myproject/myproject.sock;
}
# added for let's encrypt
location /.well-known/ {
root /home/sammy/myproject;
allow all;
}
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/myproject/myproject;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/sammy/myproject/myproject.sock;
}
# added for let's encrypt
location /.well-known/ {
root /home/sammy/myproject;
allow all;
}
}
Ich habe diesen zusätzlichen Block ausprobiert:
server {
listen 80;
server_name www.example.com;
return 301 https://$server_name$request_uri;
...
}
Dies schien jedoch nicht zu funktionieren. Ich dachte, ich sollte dies vielleicht ändern, um auf 443 zu lauschen, war mir aber nicht sicher, wie sich dies auf den SSL-Serverblock und die Standardserverdirektive auswirken würde.
Antwort1
Dies $server_namebezieht sich auf den Servernamen, den Sie im virtuellen Hostblock definiert haben. Daher verursacht Ihr zusätzlicher Block einen Umleitungszyklus, der auf sich selbst zurückleitet.
Sie müssen dort einen wörtlichen Domänennamen anstelle einer Variablen verwenden.
Für SSL-Domänen mit wwwmüssen Sie listen 443 ssl;die Block- und Zertifikatswerte ergänzen.
Dies sollte also Ihr dritter Block sein:
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
...
}
Antwort2
So mache ich die Weiterleitungen von http zu https. Das Wichtigste sind die drei Serverblöcke unten.
server {
server_name www.example.com;
listen 443 ssl http2;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# This is a cache for SSL connections
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 60m;
root /var/www/***rootdir;
# First line is a cached access log, second logs immediately
access_log /var/log/nginx/mrwild.access.log main buffer=32k flush=1m if=$log_ua;
# access_log /var/log/nginx/mrwild.access.log main;
# Default location to serve
location / {
log_not_found off;
# This is a static site, so set the cache control headers to allow caching
# for a day
add_header Cache-Control "public";
expires 1d;
valid_referers none blocked server_names ~($host) ~(googleusercontent|google|bing|yahoo);
if ($invalid_referer) {
rewrite (.*) /stop-stealing-images.png redirect;
}
}
# Let the hotlink detection image be hotlinked
# *** Find yourself a suitable graphic
location = /stop-stealing-images.png {
add_header Cache-Control "public"; expires 4h;
}
# Don't log robots errors but log access
location = /robots.txt {
allow all; log_not_found off;
}
location ~ /favicon.ico {
access_log off; log_not_found off;
}
# This is for issuing certificates
location /.well-known/acme-challenge/ {
root /var/www/acme-challenge/;
}
}
# This server simply redirects the requested to the https version of the page
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
access_log /var/log/nginx/mrwild.access.log main buffer=32k flush=1m if=$log_ua;
return 301 https://www.example.com$request_uri;
}