Я использую nginx на Ubuntu, и у меня возникла проблема: в моем SSL-сертификате (Let's Encrypt) есть несколько доменов. Когда я захожу на свой сайт с доменом .com.br, пользователи вынуждены использовать https, но с другими доменами этого не происходит.
Если я включу эту строку, все домены будут перенаправляться на домен .com.br:
return 301 https://www.$server_name$request_uri;
Как я могу это исправить?
Вот мой файл конфигурации nginx:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
client_max_body_size 100M;
root /var/www/robbu.com.br/public;
index index.php index.html index.htm;
# Make site accessible from http://localhost/
server_name domain.com.br www.domain.com.br domain.com.ar www.domain.com.ar domain.global www.domain.global domain.net www.domain.net domain.solutions www.$
#return 301 https://www.$server_name$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
# Uncomment to enable naxsi on this location
# include /etc/nginx/naxsi.rules
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/robbu.com.br/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/robbu.com.br/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
решение1
Вам нужно создать блок сервера для каждого домена, который вы хотите перенаправить на свой собственный https-домен. Повторите этот набор из двух серверов для каждого домена.
# This server simply redirects the requested to the https version of the page
server {
listen 80;
server_name www.example.com example.com;
# Let's Encrypt certificates with Acmetool. Not sure if required on http or https (you can't connect to https server before there's a certificate) so do both.
location /.well-known/acme-challenge/ {
alias /var/www/.well-known/acme-challenge/;
}
location / {
return 301 https://www.example.com$request_uri;
}
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
access_log /var/log/nginx/access.log main buffer=32k flush=1m if=$log_ua;
return 301 https://www.example.com$request_uri;
}