如何使用certbot为HTTPS和nginx将www重定向到非www

问题描述 投票:0回答:1

我正在尝试将www重定向到非www但它不起作用。我尝试过类似问题的各种答案,但那些没有奏效。

我有3个域example.comwww.example.comadmin.example.com使用certbot的SSL证书。

这是我当前的配置,适用于非www和admin,但是www.example.com不起作用。

# HTTP - redirect all requests to HTTPS
server {
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

# Redirect to non-www
server {
    server_name www.example.com;
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    return 301 https://example.com$request_uri;
}

# non-www
server {

    server_name example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# CMS
server {

    server_name admin.example.com;

    location / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

我使用DigitalOcean,其中admin和非www指向我的Droplet,www.example.com有一个CNAME记录到example.com(非www)。

nginx https ssl-certificate nginx-config certbot
1个回答
0
投票

首先,www.example.com和example.com应该在一个服务器块中。

其次,您需要在#non-www服务器配置博客中添加它

if ($host = 'www.example.com') {
        return 301 https://example.com$request_uri;
}

第三,要将所有请求重定向到HTTPS,必须在server_name块中添加# HTTP - redirect all requests to HTTPS

最后,您的NGINX配置文件将如下所示

# HTTP - redirect all requests to HTTPS
server {
    server_name example.com www.example.com admin.example.com;
    listen 80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

# non-www
server {

    server_name example.com www.example.com;

    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    if ($host = 'www.example.com') {
        return 301 https://example.com$request_uri;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
# CMS
server {

    server_name admin.example.com;

    location / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.se/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.se/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

更新NGINX配置文件后,重新启动NGINX:

$ sudo systemctl restart nginx
© www.soinside.com 2019 - 2024. All rights reserved.