nginx重定向非www www和https domain.com和子域
问题描述:
我有问题将我的非www网址重定向到www和https。nginx重定向非www www和https domain.com和子域
我想要什么:
http://domain.com
http://www.domain.com
https://domain.com
应该重定向到https://www.domain.com
。
http://api.domain.com
应该重定向到https://api.domain.com
我为domain.com和api.domain.com seperata SSL密钥。 api.domain.com的SSL设置通过node.js应用程序处理。此外domain.com使用根文档和api.domain.com使用proxy_pass到的Node.js应用在端口1336,
我试了一下:
# route non ssl api to ssl
server {
listen 80;
server_name api.domain.com;
return 301 https://api.domain.com;
}
# main ssl route for api.domain.com
server {
listen 443 ssl;
server_name api.domain.com;
location/{
proxy_pass https://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
# route non ssl to www ssl
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com;
}
# route non www ssl to ssl
server {
listen 443 ssl;
server_name domain.com;
return 301 https://www.domain.com;
}
# main ssl route for domain.com
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
server_name www.domain.com;
location/{
root /var/www/domain.com/www;
}
}
路由被按预期工作: https://www.domain.com http://domain.com http://www.domain.com
不工作:
https://domain.com - >不安全连接离子,因为它试图利用从api.domain.com的证书(这可以被缓存,因为也许我之前的另一种方式,这是错误的尝试吧)
https://api.domain.com->重定向到https://domain.com
http://api.domain.com - >重定向到https://domain.com
nginx的版本:nginx的/ 1.4.6(Ubuntu的)
答
我能得到它的工作诀窍。一个问题是,nginx路线为
listen 443;
server_name www.domain.com;
也触发了https://domain.com。在Chrome开发人员控制台中禁用缓存以进行测试也是非常有帮助的。
全部配置:
# main ssl route for www.domain.com
server {
listen 443;
server_name www.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
root /var/www/domain.com/www;
}
# non-www ssl route
server {
listen 443;
server_name domain.com;
return 301 https://www.domain.com$request_uri;
}
# route non ssl to www ssl
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com$request_uri;
}
# route non ssl api to ssl
server {
listen 80;
server_name api.domain.com;
return 301 https://api.domain.com$request_uri;
}
# main ssl route for api.domain.com
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem;
server_name api.domain.com;
location/{
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}