Nginx - Force WWW with TLS/SSL

Problem description:

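I want to force SSL on my website and redirect non-www to www. I have read many guides and tried the example configurations, but none of them fully worked. With my configuration, it gives me a "too many redirects" error.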

This is my configuration:

server { 
      listen 80 default_server; 
      listen [::]:80 default_server; 

      # SSL configuration 
      # 
      server_name mydomainname.com www.mydomainname.com; 
      return 301 https://www.mydomainname.com$request_uri; 
    } 

    server { 
      listen 443 ssl http2; 
      listen [::]:443 ssl default_server; 
      include snippets/ssl-mydomainname.com.conf; 
      include snippets/ssl-params.conf; 
      server_name mydomainname.com; 
      return 301 https://www.mydomainname.com$request_uri; 
      # 
      # Note: You should disable gzip for SSL traffic. 
      # See: https://bugs.debian.org/773332 
      # 
      # Read up on ssl_ciphers to ensure a secure configuration. 
      # See: https://bugs.debian.org/765782 
      # 
      # Self signed certs generated by the ssl-cert package 
      # Don't use them in a production server! 
      # 
      # include snippets/snakeoil.conf; 

      root /var/www/blog; 

      # Add index.php to the list if you are using PHP 
      index index.html index.htm index.nginx-debian.html; 

      server_name _; 
    location ~ /.well-known { 
        allow all; 
      } 
      location / {
        # First attempt to serve request as file, then 
        # as directory, then fall back to displaying a 404. 
        try_files $uri $uri/ =404; 
      } 
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { 
     expires 30d; 
     add_header Pragma public; 
     add_header Cache-Control "public"; 
    } 
      # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 
      # 
      #location ~ \.php$ { 
      #  include snippets/fastcgi-php.conf; 
      # 
      #  # With php7.0-cgi alone: 
      #  fastcgi_pass 127.0.0.1:9000; 
      #  # With php7.0-fpm: 
      #  fastcgi_pass unix:/run/php/php7.0-fpm.sock; 
      #} 

      # deny access to .htaccess files, if Apache's document root 
      # concurs with nginx's one 
      # 
      #location ~ /\.ht { 
      #  deny all; 
      #} 
    } 

    # Virtual Host configuration for example.com 
    # 
    # You can move that to a different file under sites-available/ and symlink that 
    # to sites-enabled/ to enable it. 
    # 
    #server { 
    #  listen 80; 
    #  listen [::]:80; 
    # 
    #  server_name example.com; 
    # 
    #  root /var/www/example.com; 
    #  index index.html; 
    # 
    #  location / {
    #    try_files $uri $uri/ =404; 
    #  } 
    #} 

Please give me some advice.

You need to split your 443 server block into two parts. For example:

server { 
    listen 443 ssl default_server; 
    listen [::]:443 ssl default_server; 
    include snippets/ssl-mydomainname.com.conf; 
    include snippets/ssl-params.conf; 
    return 301 https://www.mydomainname.com$request_uri; 
} 
server { 
    listen 443 ssl http2; 
    listen [::]:443 ssl http2; 
    include snippets/ssl-mydomainname.com.conf; 
    include snippets/ssl-params.conf; 
    server_name www.mydomainname.com; 
    ... 
} 

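So the default secure server redirects to your secure www server. See this document for more information. This also assumes that the certificate is valid for both the www and non-www server names.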
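
An added example, not part of the original question or answer: a simplified Python model of how nginx picks a server block (exact server_name match, otherwise the default server for that port), used to trace the redirect chain of both configurations above. The BROKEN and FIXED structures and the function names are constructed for this illustration; wildcard and regex names and per-address listen differences are not modelled.

```python
from urllib.parse import urlsplit

WWW = "https://www.mydomainname.com"
# Constructed models of the two configurations on this page.
# "redirect" is the prefix in `return 301 <prefix>$request_uri`; None = serves content.
BROKEN = [
    {"port": 80, "names": {"mydomainname.com", "www.mydomainname.com"},
     "default": True, "redirect": WWW},
    # One 443 block: named for the bare domain only, yet it is also the default,
    # so requests for www land here and are redirected again.
    {"port": 443, "names": {"mydomainname.com", "_"}, "default": True, "redirect": WWW},
]
FIXED = [
    BROKEN[0],
    {"port": 443, "names": set(), "default": True, "redirect": WWW},  # catch-all
    {"port": 443, "names": {"www.mydomainname.com"}, "default": False, "redirect": None},
]

def select_server(servers, port, host):
    """Exact server_name match wins; otherwise the port's default server."""
    on_port = [s for s in servers if s["port"] == port]
    for s in on_port:
        if host in s["names"]:
            return s
    return next((s for s in on_port if s["default"]), on_port[0])

def trace(servers, url, max_hops=10):
    """Follow 301s through the model; return (chain, 'served' | 'loop' | 'too many hops')."""
    chain = [url]
    for _ in range(max_hops):
        parts = urlsplit(url)
        port = parts.port or (443 if parts.scheme == "https" else 80)
        server = select_server(servers, port, parts.hostname)
        if server["redirect"] is None:
            return chain, "served"
        request_uri = (parts.path or "/") + ("?" + parts.query if parts.query else "")
        url = server["redirect"] + request_uri
        if url in chain:
            return chain + [url], "loop"
        chain.append(url)
    return chain, "too many hops"

if __name__ == "__main__":
    for name, cfg in (("broken", BROKEN), ("fixed", FIXED)):
        for start in ("http://mydomainname.com/a?x=1", "https://www.mydomainname.com/"):
            print(name, *trace(cfg, start))
```

Against a live server, the same check is to request each of the four scheme and host combinations and confirm that every chain ends at a non-redirect response on https://www.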