Ssl Nginx https certbot返回301——替换生成的certbot';如果';具有最佳做法的声明
我正在设置nginxweb服务器,对服务器块配置有疑问。FWIW,是Ubuntu 16.04,Nginx 1.13.10 我想按照Nginx和Nginx使用更高效的语法重写Certbot的自动生成代码(它使用IF语句进行重定向) 目标:将3个非Ssl Nginx https certbot返回301——替换生成的certbot';如果';具有最佳做法的声明,ssl,nginx,ubuntu-16.04,tls1.2,certbot,Ssl,Nginx,Ubuntu 16.04,Tls1.2,Certbot,我正在设置nginxweb服务器,对服务器块配置有疑问。FWIW,是Ubuntu 16.04,Nginx 1.13.10 我想按照Nginx和Nginx使用更高效的语法重写Certbot的自动生成代码(它使用IF语句进行重定向) 目标:将3个非https://@选项重定向到一个安全的@。换句话说,http://www.example.com, http://example.com, https://www.example.com应全部重定向到https://example.com——但没有IF
https://@
选项重定向到一个安全的@
。换句话说,http://www.example.com, http://example.com, https://www.example.com
应全部重定向到https://example.com
——但没有IF
我在S.O.和AskUbuntu上搜索过“nginx certbot return 301 redirect”等关键词,但似乎没有一个能解决IF问题。欢迎提供任何建议、链接和进一步阅读
问题:
http
重定向到https
,但不会删除www
。这是因为只有一些服务器正在侦听ipv6吗?如果没有,请提出建议李>
nginx-t
ATDHVAANNKSE(提前感谢)
根据nginx最佳实践,这里是https服务器的基本设置。这会将所有http通信重定向到https,并将www子域重定向到该域 当然,您必须将您的位置配置(php、ht等)复制到主块中,并且您的certbot配置到两个https块中。如果您将此设置为新服务器,certbot应正确生成到正确的服务器{}块中 我希望这对某人有帮助
# Basic server config, redirecting all http:// and www to https://@
##
# 0 - main server https @
##
server {
server_name example.com;
listen 443 ssl http2;
listen [::]:443 ssl http2; # managed by Certbot
#
# this is your main config. You don't really need to touch the others
# because they are simple redirects.
#
# include the certbot-generated cert, cert-key, options, and dhparam
# include all the location configs
# include all the php, wordpress, etc.
#
}
##
# 1 - redirect https www to @
##
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
#
# include certbot-generated cert, cert-key, options, and dhparam
#
}
##
# 2 - redirect http @ to https @
##
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://example.com$request_uri;
}
##
# 3 - redirect http www to https @
##
server {
listen [::]:80;
listen 80;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
在测试提议的更改时,服务器似乎按预期响应。在服务器2和3上,我删除了“if”和“return404”行,添加了
return301https://example.com$request_uri
将ipv6添加到每个没有ipv6的服务器:侦听[:]:443 ssl代码>和听[:]:80代码>,分别为。(没有ipv6only=on
,理由是它是多余的。)这对Certbot的人员来说可能是一个有用的建议,因为它可能比当前的实现更符合Nginx最佳实践(和一般算法)。欢迎提出任何改进建议。
# Basic server config, redirecting all http:// and www to https://@
##
# 0 - main server https @
##
server {
server_name example.com;
listen 443 ssl http2;
listen [::]:443 ssl http2; # managed by Certbot
#
# this is your main config. You don't really need to touch the others
# because they are simple redirects.
#
# include the certbot-generated cert, cert-key, options, and dhparam
# include all the location configs
# include all the php, wordpress, etc.
#
}
##
# 1 - redirect https www to @
##
server {
listen [::]:443 ssl http2;
listen 443 ssl http2;
server_name www.example.com;
return 301 $scheme://example.com$request_uri;
#
# include certbot-generated cert, cert-key, options, and dhparam
#
}
##
# 2 - redirect http @ to https @
##
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://example.com$request_uri;
}
##
# 3 - redirect http www to https @
##
server {
listen [::]:80;
listen 80;
server_name www.example.com;
return 301 https://example.com$request_uri;
}