Nginx将非www重定向到domain.com和子域的www和https
我在将非www网址重定向到www和https时遇到问题.
Im having problems redirecting my non-www urls to www and https.
我想要什么:
http://domain.com
http://www.domain.com
https://domain.com
应重定向到https://www.domain.com.
http://api.domain.com
应重定向到https://api.domain.com
我有domain.com和api.domain.com的seperata ssl密钥. api.domain.com的SSL设置是通过node.js应用处理的.此外,domain.com使用根文档,而api.domain.com使用proxy_pass到端口1336上的node.js应用程序.
I have seperata ssl keys for domain.com and api.domain.com. SSL settings for api.domain.com is handled via the node.js app. Furthermore domain.com uses a root document and api.domain.com is using proxy_pass to a node.js application on port 1336.
我尝试过的事情:
# route non ssl api to ssl
server {
listen 80;
server_name api.domain.com;
return 301 https://api.domain.com;
}
# main ssl route for api.domain.com
server {
listen 443 ssl;
server_name api.domain.com;
location / {
proxy_pass https://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
# route non ssl to www ssl
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com;
}
# route non www ssl to ssl
server {
listen 443 ssl;
server_name domain.com;
return 301 https://www.domain.com;
}
# main ssl route for domain.com
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
server_name www.domain.com;
location / {
root /var/www/domain.com/www;
}
}
按预期运行的路由: https://www.domain.com http://domain.com http://www.domain.com
Routes which are working as expected: https://www.domain.com http://domain.com http://www.domain.com
不起作用:
https://domain.com ->不安全的连接,因为它试图使用api.domain中的证书.com(可以将其缓存,因为也许我在另一种方法之前尝试过了,这是错误的)
https://domain.com -> not secure connection, because it's trying to use the cert from api.domain.com (could this be cached, because maybe I tried it before another way, which was wrong)
https://api.domain.com- >重定向到 http://api.domain.com ->重定向到
nginx版本:nginx/1.4.6(Ubuntu)
nginx version: nginx/1.4.6 (Ubuntu)
我可以知道它的工作原理.一个问题是,
I could get it working know. One problem was, that nginx route for
listen 443;
server_name www.domain.com;
还会触发 https://domain.com .另外,在Chrome开发者控制台中禁用缓存进行测试也是一项巨大的帮助.
was also triggering for https://domain.com. Also disabling the cache in the Chrome Dev Console for testing was a huge help.
完整配置:
# main ssl route for www.domain.com
server {
listen 443;
server_name www.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
root /var/www/domain.com/www;
}
# non-www ssl route
server {
listen 443;
server_name domain.com;
return 301 https://www.domain.com$request_uri;
}
# route non ssl to www ssl
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com$request_uri;
}
# route non ssl api to ssl
server {
listen 80;
server_name api.domain.com;
return 301 https://api.domain.com$request_uri;
}
# main ssl route for api.domain.com
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem;
server_name api.domain.com;
location / {
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}