问题
After purchasing a SSL certificate I have been trying to force all pages to secured https and to www.
https://www.exampl.com is working and secure but only if type it in exactly. www.example.com or example.com are still pointing to http.
We use nginx as a proxy and need to input the rewrite there. I have SSH / root access via Putty. I have accessed nginx.conf by inputting into putty.
Now what? Do I input the nginx commands on this page? Starting where the cursor is? Any command lines first?
HTTPS:
.htacess – Original code I was given before I found out I had to input into nginx
RewriteEngine On
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteCond %{SERVER_PORT} 80
RewriteRule ^(.*)$ https://www.example.com/$1 [R,L]
Nginx code converter – This is how it shows on the converter. Is everything on the correct lines?
# nginx configuration location / {
if ($http_host ~* "^example.com"){
rewrite ^(.*)$ http://example.com/$1 redirect; } }
and then
WWW
.htacess – Original code I was given before I found out I had to input into nginx
#Force www:
RewriteEngine on
RewriteCond %{HTTP_HOST} ^example.com [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R=301,NC]
Nginx code converter – This is how it shows on the converter. Is everything on the correct line?
# nginx configuration location / {
if ($http_host ~* "^example.com"){
rewrite ^(.*)$ http://www.example.com/$1 redirect; }
}
Do I then save? Restart?
Any help would be greatly appreciated. I have been battling this for weeks. My Hosting company helped as far as they could, now I am learning on the fly…. Or should I just stop and hire a developer? $$$
Thanks
回答1:
The best way to implement WWW and HTTPS redirection is to create a new server
section in Nginx config:
server {
listen 80; #listen for all the HTTP requests
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
You will also have to perform https://example.com to https://www.example.com redirection. This may be done with code similar to the following:
server {
listen 443 ssl;
server_name example.com;
ssl_certificate ssl.crt; #you have to put here...
ssl_certificate_key ssl.key; # ...paths to your certificate files
return 301 https://www.example.com$request_uri;
}
And of course, you must reload Nginx config after each change. Here are some useful commands:
check for errors in the configuration:
sudo service nginx configtest
reload configuration (this would be enough to make changes "work"):
sudo service nginx reload
restart the whole webserver:
sudo service nginx restart
Important note:
All your server
sections must be inside http
section (or in a file included in http
section):
http {
# some directives ...
server {
# ...
}
server {
# ...
}
# ...
}
回答2:
The following solution seems to be clear and simple, everything defined in one server block. So with this setup I force everything to https://www.domain.tld, so both handlers are here non-HTTPS and non-WWW on HTTPS. There are two IF's but if you don't want to duplicate entire SSL block two times to handle it... this is the way to do it.
server {
listen 80;
listen 443 ssl;
server_name domain.tld www.domain.tld;
# global HTTP handler
if ($scheme = http) {
return 301 https://www.domain.tld$request_uri;
}
# global non-WWW HTTPS handler
if ($http_host = domain.tld){
return 303 https://www.domain.tld$request_uri;
}
}
And even better solution to avoid IF's:
# Redirect all traffic from HTTP to HTTPS
server {
listen 80;
server_name example.com www.example.com;
# Destination redirect base URI
set $RURI https://www.example.com;
location / {return 301 $RURI$request_uri;}
}
# Redirect non-WWW HTTPS traffic to WWW HTTPS
server {
listen 443 ssl;
# NOTE: SSL configuration is defined elsewhere
server_name example.com;
return 301 $scheme://www.$host$request_uri;
}
# MAIN SERVER BLOCK
server {
listen 443 ssl;
# NOTE: SSL configuration is defined elsewhere
server_name www.example.com;
}
回答3:
If you have a sites-enabled directory, do not use the "http" top directive. Just create another file (with any name) in the site-enabled directory that has:
server {
listen 80; #listen for all the HTTP requests
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
and comment out the line
listen 80;
where the server_name is the same in the other file that serves www.example.com
回答4:
I searched a lot , finally this is my right answer. also remember to add a www A record in your domain registar's dns control panel.
# Force all users to https://www.example.com
server {
listen 80;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/nginx/ssl/www.example.com.pem;
ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
root /var/www/html
error_page 403 /error/404.html;
error_page 404 /error/404.html;
error_page 500 502 503 504 /error/50x.html;
ssl_certificate /etc/nginx/ssl/www.example.com.pem;
ssl_certificate_key /etc/nginx/ssl/www.example.com.key;
}
来源:https://stackoverflow.com/questions/32486739/force-www-and-https-in-nginx-conf-ssl