Redirect 如何在没有3个服务器块的情况下将www.重定向到非www,将http重定向到https?
这就是我现在得到的Redirect 如何在没有3个服务器块的情况下将www.重定向到非www,将http重定向到https?,redirect,ssl,nginx,Redirect,Ssl,Nginx,这就是我现在得到的 server { listen 80; listen 443 ssl http2; server_name www.domain.com .old-domain.com; return 301 https://domain.com$request_uri; ################### ## SSL ssl_certificate /etc/letsencrypt/live/domain.com/fullch
server {
listen 80;
listen 443 ssl http2;
server_name www.domain.com .old-domain.com;
return 301 https://domain.com$request_uri;
###################
## SSL
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_dhparam /etc/ssl/private/dhparam.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
add_header Strict-Transport-Security max-age=31536000;
ssl_stapling on;
ssl_stapling_verify on;
}
server {
listen 80;
server_name domain.com;
return 301 https://domain.com$request_uri;
}
server {
listen 443 ssl http2;
server_name domain.com;
root /srv/mpen/public;
include restrictions.conf;
include php.conf;
# ... EXTRA_STUFF_HERE ...
###################
## SSL
# https://community.letsencrypt.org/t/nginx-configuration-sample/2173
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
# Generate with:
# openssl dhparam -out /etc/ssl/private/dhparam.pem 2048
ssl_dhparam /etc/ssl/private/dhparam.pem;
# Copied from https://mozilla.github.io/server-side-tls/ssl-config-generator/
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_prefer_server_ciphers on;
# HSTS. 7776000 seconds = 90 days which is how long letsencrypt certs last
add_header Strict-Transport-Security max-age=31536000;
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
# If you want to specify a DNS resolver for stapling, you can uncomment the below
# line. If you leave it commented, nginx will use your system resolver, which will probably
# work just fine!
#resolver <IP DNS resolver>;
}
将它们放到http中,所有服务器都将是相同的。或者使用
include
@AlexeyTen我不知道你说的“将它们放入http”是什么意思?我没有考虑include
——我至少可以用它来删除重复的SSL信息。http
是config的根元素。您可以在http
上下文中取消SSL相关指令。通常将它们放在/etc/nginx/conf.d
目录下的某个文件中,但这取决于OS@AlexeyTen哦…但那将适用于所有领域,不是吗?我不能那样,是的。如果是问题,请坚持使用include
解决。
http://domain.com -> https://domain.com
http:/www.domain.com -> https://domain.com
https://domain.com -> (no redirect necessary)
https://www.domain.com -> https://domain.com