我的 nginx 檔案沒有檔案失敗,我不知道如何。我已經成功地從 http 重定向到 https 了。但我無法將 www 重定向到非 www 版本。我究竟做錯了什麼?
server {
listen 80;
server_name example.com;
return 301 https://$server_name$request_uri;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/sammy/myproject;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/sammy/myproject/myproject.sock;
}
# added for let's encrypt
location /.well-known/ {
root /home/sammy/myproject;
allow all;
}
}
server {
# SSL configuration
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/myproject/myproject;
}
location / {
include proxy_params;
proxy_pass http://unix:/home/sammy/myproject/myproject.sock;
}
# added for let's encrypt
location /.well-known/ {
root /home/sammy/myproject;
allow all;
}
}
我嘗試了這個附加區塊:
server {
listen 80;
server_name www.example.com;
return 301 https://$server_name$request_uri;
...
}
但這似乎不起作用。我想也許我應該將其更改為偵聽 443,但不確定這將如何影響 ssl 伺服器區塊和 default_server 命令?
答案1
指$server_name的是您在虛擬主機區塊中定義的伺服器名稱。因此,您的附加區塊會導致重定向循環重定向回自身。
您必須在那裡使用文字網域而不是變數。
對於帶有 的 SSL 網域www,您必須新增listen 443 ssl;區塊和憑證值。
所以,這應該是你的第三個區塊:
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
...
}
答案2
以下是我如何從 http 轉發到 https。關鍵部分是底部的三個伺服器區塊。
server {
server_name www.example.com;
listen 443 ssl http2;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# This is a cache for SSL connections
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 60m;
root /var/www/***rootdir;
# First line is a cached access log, second logs immediately
access_log /var/log/nginx/mrwild.access.log main buffer=32k flush=1m if=$log_ua;
# access_log /var/log/nginx/mrwild.access.log main;
# Default location to serve
location / {
log_not_found off;
# This is a static site, so set the cache control headers to allow caching
# for a day
add_header Cache-Control "public";
expires 1d;
valid_referers none blocked server_names ~($host) ~(googleusercontent|google|bing|yahoo);
if ($invalid_referer) {
rewrite (.*) /stop-stealing-images.png redirect;
}
}
# Let the hotlink detection image be hotlinked
# *** Find yourself a suitable graphic
location = /stop-stealing-images.png {
add_header Cache-Control "public"; expires 4h;
}
# Don't log robots errors but log access
location = /robots.txt {
allow all; log_not_found off;
}
location ~ /favicon.ico {
access_log off; log_not_found off;
}
# This is for issuing certificates
location /.well-known/acme-challenge/ {
root /var/www/acme-challenge/;
}
}
# This server simply redirects the requested to the https version of the page
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /var/lib/acme/certs/***CERT_DIRECTORY/fullchain;
ssl_certificate_key /var/lib/acme/certs/***CERT_DIRECTORY/privkey;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
access_log /var/log/nginx/mrwild.access.log main buffer=32k flush=1m if=$log_ua;
return 301 https://www.example.com$request_uri;
}