
I am using Nginx on Ubuntu and have a problem: I have several domains in my SSL certificate (Let's Encrypt). When I access my website with the .com.br domain, users have to use https. With the other domains, however, that does not happen.
When I enable this line, all domains are redirected to the .com.br domain:
return 301 https://www.$server_name$request_uri;
How can I fix this?
Here is my Nginx configuration file:
server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;
    client_max_body_size 100M;
    root /var/www/robbu.com.br/public;
    index index.php index.html index.htm;
    # Make site accessible from http://localhost/
    server_name domain.com.br www.domain.com.br domain.com.ar www.domain.com.ar domain.global www.domain.global domain.net www.domain.net domain.solutions www.$
    #return 301 https://www.$server_name$request_uri;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ /index.php?$query_string;
        # Uncomment to enable naxsi on this location
        # include /etc/nginx/naxsi.rules
    }
    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/robbu.com.br/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/robbu.com.br/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
Answer 1
You need to create a server block for each domain that you want to redirect to its own https domain. Repeat this set of two servers for each domain.
# This server simply redirects the request to the https version of the page
server {
    listen 80;
    server_name www.example.com example.com;
    # Let's Encrypt certificates with Acmetool. Not sure if required on http or https (you can't connect to https server before there's a certificate) so do both.
    location /.well-known/acme-challenge/ {
        alias /var/www/.well-known/acme-challenge/;
    }
    location / {
        return 301 https://www.example.com$request_uri;
    }
}
server {
    listen 443 ssl http2;
    server_name example.com;
    ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
    ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
    # Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
    access_log /var/log/nginx/access.log main buffer=32k flush=1m if=$log_ua;
    return 301 https://www.example.com$request_uri;
}
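
An alternative to one pair of blocks per domain, as an added example that is not part of the original question or answer: `$server_name` expands to the first name listed in `server_name`, which is why the commented-out redirect sent every domain to .com.br. The sketch below captures the requested domain with a named regex group instead. It assumes the placeholder domain names visible in the question (the list there is truncated, so extend the alternation as needed) and that the two port-80 `listen` lines are removed from the existing server block.

```nginx
# Added example. Domain names are the placeholders from the question;
# the capture name "site" is chosen here for illustration.

# Port 80, all certificate names in one block. The regex is an allow-list:
# only the listed domains match, with or without "www.", so a forged Host
# header cannot steer the redirect to an unrelated site.
server {
    listen 80;
    listen [::]:80;

    server_name ~^(?:www\.)?(?<site>domain\.(?:com\.br|com\.ar|global|net|solutions))$;

    # Redirect to the https://www. form of the domain that was requested,
    # not to the first name in the list.
    location / {
        return 301 https://www.$site$request_uri;
    }
}

# Catch-all for any other Host header on port 80. 444 is nginx's
# non-standard code for closing the connection without a response,
# so unknown hosts get neither content nor a redirect.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}
```

Run `nginx -t` before reloading, then request each domain over plain HTTP and confirm that the `Location` header names that same domain.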