Nginx certbot生成的配置文件上的ngnix www到no www
我正试图在下面显示的配置文件中获取对example.com和www.example.com的请求。该文件与certbot生成的文件完全相同 将两个Nginx certbot生成的配置文件上的ngnix www到no www,nginx,lets-encrypt,certbot,Nginx,Lets Encrypt,Certbot,我正试图在下面显示的配置文件中获取对example.com和www.example.com的请求。该文件与certbot生成的文件完全相同 将两个return 301语句更改为 return 301 https://example.com$request_uri; 未按预期的方式继续工作 如果有人能指出实现预期结果所需的确切更改,我们将不胜感激。简化的指令将是一个奖励,因为我对nginx和certbot都是新手。谢谢 server { root /var/www/html/drupal
return 301
语句更改为
return 301 https://example.com$request_uri;
未按预期的方式继续工作
如果有人能指出实现预期结果所需的确切更改,我们将不胜感激。简化的指令将是一个奖励,因为我对nginx和certbot都是新手。谢谢
server {
root /var/www/html/drupal;
index index.php index.html index.htm;
server_name example.com www.example.com;
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ [^/]\.php(/|$) {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
打开支架以获得更清晰的方式 创建2个侦听器,而不是一个443侦听器。和80个一样 这样,您就更容易知道正在做什么,每对主机和模式都有一个配置
server {
listen 80;
listen [::]:80;
server_name www.example.com; #this will only listen to http://www.example.com
location / {
return 301 https://example.com$request_uri; #and will upgrade to https
}
#we don't want that many redirects, so this will go directly to example.com
}
server {
listen 80;
listen [::]:80;
server_name example.com; #this will only listen to http://example.com
location / {
return 301 https://$host$request_uri; #and will upgrade to https
}
}
server {
server_name www.example.com;
location / {
return 301 https://example.com$request_uri #this redirects to non-www
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
#same server configuration as your first server bracket, only accepting https://example.com and not www.
}
我看到您正在将到达的连接发送到Drupal,因此认为Drupal有一个变量$base_url,它对该主机进行的任何重定向都是对该主机进行的,因此,如果将其设置为www.example.com,则与nginx conf无关,因为Drupal本身也可以进行重定向
希望它能有所帮助,任何问题都可以发表评论。现在可以了,@flaixman。我对你的建议做了一个改变,那就是用一个街区换80,因为他们都做了完全相同的事情。所以,这里是最后的版本:(我希望没有弄糟一些东西,这可能会导致以后的问题。)
关于Drupal的观察很棒,但我有一些非Drupal域,并且更喜欢类似的配置文件。你的建议奏效了,谢谢!但是一些微调问题-(1)我是否需要两个80的侦听器,例如example.com和www.example.com都转到https://example.com-可能是因为
if($host=…)
语句。(2) 另外,我是否需要复制443的整个块,包括root、index和所有location语句?或者我可以只保留一个443块,其中包含if($host=example.com…
语句,这些语句似乎在80块中工作吗?嗨,分离块意味着清楚地了解nginx中发生了什么,使用“ifs”和其他条件,您甚至可以将所有域放在同一个服务器块{}。实际上,是的,您可以在2服务器块{}上加入两个域,一个用于80,另一个用于443。443街区是“特殊的”。您不需要www块中的根或索引,因为您不打算将其定向到应用程序,您只需要该块重定向到非www。您唯一需要的是证书(因为不安全的中间重定向意味着整个连接不安全)。因此,您需要侦听哪个端口,侦听哪个域名,该域的证书,以及重定向到何处,因为您无需转到应用程序来搜索任何索引,也无需将根放在何处(因为https非www域是唯一将连接带到应用程序的域)。至于为什么分离块与在同一行中完成整个脚本是一样的,它可以工作,也会工作,但是当你在两个月后回来时,你会因为那样做而讨厌自己,而且不清晰,不间隔。很高兴我帮了忙:)明白了!有道理。我会听从你明智的建议:)
server {
listen 80;
listen [::]:80;
server_name example.com www.example.com;
location / {
return 301 https://example.com$request_uri;
}
}
server {
server_name www.example.com;
location / {
return 301 https://example.com$request_uri;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server{
root /var/www/html/d8;
index index.php index.html index.htm;
server_name example.com;
location / {
try_files $uri /index.php?$query_string;
}
location @rewrite {
rewrite ^/(.*)$ /index.php?q=$1;
}
location ~ [^/]\.php(/|$) {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~ ^(/[a-z\-]+)?/system/files/ {
try_files $uri /index.php?$query_string;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}