Force www. and https in nginx.conf (SSL)

前端 未结 4 1148
梦谈多话
梦谈多话 2021-02-05 20:48

After purchasing a SSL certificate I have been trying to force all pages to secured https and to www.

https://www.exampl.com is working and secure but only if type it i

相关标签:
4条回答
  • 2021-02-05 21:06

    The following solution seems to be clear and simple, everything defined in one server block. So with this setup I force everything to https://www.domain.tld, so both handlers are here non-HTTPS and non-WWW on HTTPS. There are two IF's but if you don't want to duplicate entire SSL block two times to handle it... this is the way to do it.

    server {
        listen 80;
        listen 443 ssl;
    
        server_name domain.tld www.domain.tld;
    
        # global HTTP handler
        if ($scheme = http) {
            return 301 https://www.domain.tld$request_uri;
        }
    
        # global non-WWW HTTPS handler
        if ($http_host = domain.tld){
            return 303 https://www.domain.tld$request_uri;
        }
    }
    

    And even better solution to avoid IF's:

    # Redirect all traffic from HTTP to HTTPS
    server {
        listen 80;
    
        server_name example.com www.example.com;
    
        # Destination redirect base URI
        set $RURI https://www.example.com;
    
        location / {return 301 $RURI$request_uri;}
    }
    
    # Redirect non-WWW HTTPS traffic to WWW HTTPS
    server {
        listen 443 ssl;
        # NOTE: SSL configuration is defined elsewhere
        server_name example.com;
        return 301 $scheme://www.$host$request_uri;
    }
    
    # MAIN SERVER BLOCK
    server {
        listen 443 ssl;
        # NOTE: SSL configuration is defined elsewhere
        server_name www.example.com;
    }
    
    0 讨论(0)
  • 2021-02-05 21:07

    The best way to implement WWW and HTTPS redirection is to create a new server section in Nginx config:

    server {
        listen      80;   #listen for all the HTTP requests
        server_name example.com www.example.com;
        return      301         https://www.example.com$request_uri;
    }
    

    You will also have to perform https://example.com to https://www.example.com redirection. This may be done with code similar to the following:

    server {
        listen              443 ssl;
        server_name         example.com;
    
        ssl_certificate     ssl.crt; #you have to put here...
        ssl_certificate_key ssl.key; #   ...paths to your certificate files
        return      301     https://www.example.com$request_uri;
    }
    

    And of course, you must reload Nginx config after each change. Here are some useful commands:

    check for errors in the configuration:

    sudo service nginx configtest
    

    reload configuration (this would be enough to make changes "work"):

    sudo service nginx reload
    

    restart the whole webserver:

    sudo service nginx restart
    

    Important note:

    All your server sections must be inside http section (or in a file included in http section):

    http {
        # some directives ...
        server {
            # ...
        }
        server {
            # ...
        }
        # ...
    }
    
    0 讨论(0)
  • 2021-02-05 21:16

    I searched a lot , finally this is my right answer. also remember to add a www A record in your domain registar's dns control panel.

     # Force all users to https://www.example.com
    server {
        listen 80;
        server_name example.com www.example.com;
        return 301 https://www.example.com$request_uri;
    }
    server {
        listen 443 ssl;
        server_name example.com;
        ssl_certificate /etc/nginx/ssl/www.example.com.pem;
        ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
        return 301 https://www.example.com$request_uri;
    }
    server {
        listen 443 ssl;
        server_name www.example.com;
        root /var/www/html
    
        error_page  403 /error/404.html;
        error_page  404 /error/404.html;
        error_page  500 502 503 504 /error/50x.html;
        ssl_certificate /etc/nginx/ssl/www.example.com.pem;
        ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
    }
    
    0 讨论(0)
  • 2021-02-05 21:20

    If you have a sites-enabled directory, do not use the "http" top directive. Just create another file (with any name) in the site-enabled directory that has:

    server {
        listen      80;   #listen for all the HTTP requests
        server_name example.com www.example.com;
        return      301         https://www.example.com$request_uri;
    }
    

    and comment out the line

    listen 80; 
    

    where the server_name is the same in the other file that serves www.example.com

    0 讨论(0)
提交回复
热议问题