Nginx 将 http://www 和裸 http/https 重定向到 https://www [英] Nginx redirect http://www and naked http/https to https://www
问题描述
我想重定向来自以下域的所有流量:
I would like to redirect all traffic from the following domains:
http://domain.com
http://www.domain.com
https://domain.com
到
https://www.domain.com
我有上述域的 SSL 证书.它托管一个 Rails 应用,由Passenger 提供服务.
I have a SSL certificate for the above domain. It hosts a Rails app, served by Passenger.
为了完成裸域重定向,我在我的 DNSimple 帐户中设置了一个 URL 重定向:
To accomplish the naked domain redirect, I've set up an URL redirect in my DNSimple account:
URL domain.com 3600 https://www.domain.com
我的服务器块如下(灵感来自Nginx no-www 到 www 和 www 到 no-www 等等):
My server blocks are as follows (Inspired by Nginx no-www to www and www to no-www amongst others):
server {
listen 80;
listen 443;
server_name domain.com;
ssl on;
ssl_certificate /etc/ssl/domain-ssl.crt;
ssl_certificate_key /etc/ssl/domain.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_tokens off;
access_log /dev/null;
error_log /dev/null;
return 301 https://www.domain.com$request_uri;
}
server {
listen 443 ssl;
server_name www.domain.com;
root /home/deploy/app/current/public;
passenger_enabled on;
passenger_app_env production;
passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
ssl on;
ssl_certificate /etc/ssl/domain-ssl.crt;
ssl_certificate_key /etc/ssl/domain.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
passenger_pre_start https://www.domain.com;
什么有效:
- 裸域被重定向到安全的
https://www
http://www
域被重定向到安全的https://www
https://
www 作品
- naked domain gets redirected to secure
https://www
http://www
domain gets redirected to securehttps://www
https://
www works
什么不是:
- Naked
https://
不起作用,浏览器抛出找不到服务器
- Naked
https://
doesn't work, browsers throws a server not found
基本上我想将所有流量重定向到安全的 https://www.domain.com
.我在这里错过了什么?
Basically I want to redirect all traffic to the secure https://www.domain.com
. What am I missing here?
推荐答案
如果您没有用于从 重定向的 domain.com 的证书https://domain.com 到 https://www.domain.com 将不起作用,因为在浏览器获得重定向之前,它必须成功建立 SSL 连接(https 是 SSL 内的 http),并且由于证书不匹配而失败.
If you don't have a certificate for domain.com redirecting from https://domain.com to https://www.domain.com will not work, because before the browser gets the redirect it has to successfully establish the SSL connection (https is http inside SSL) and this fails because the certificate does not match.
这篇关于Nginx 将 http://www 和裸 http/https 重定向到 https://www的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!