Nginx 将 http://www 和裸 http/https 重定向到 https://www [英] Nginx redirect http://www and naked http/https to https://www

问题描述

我想重定向来自以下域的所有流量:

I would like to redirect all traffic from the following domains:

• http://domain.com
• http://www.domain.com
• https://domain.com

到

• https://www.domain.com

我有上述域的 SSL 证书.它托管一个 Rails 应用，由Passenger 提供服务.

I have a SSL certificate for the above domain. It hosts a Rails app, served by Passenger.

为了完成裸域重定向，我在我的 DNSimple 帐户中设置了一个 URL 重定向:

To accomplish the naked domain redirect, I've set up an URL redirect in my DNSimple account:

URL domain.com  3600  https://www.domain.com

我的服务器块如下(灵感来自Nginx no-www 到 www 和 www 到 no-www 等等):

My server blocks are as follows (Inspired by Nginx no-www to www and www to no-www amongst others):

server {
    listen          80;
    listen          443;
    server_name     domain.com;

    ssl                             on;
    ssl_certificate                 /etc/ssl/domain-ssl.crt;
    ssl_certificate_key             /etc/ssl/domain.key;
    ssl_session_timeout             5m;
    ssl_protocols                   SSLv2 SSLv3 TLSv1;
    ssl_ciphers                     HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers       on;

    server_tokens   off;
    access_log      /dev/null;
    error_log       /dev/null;

    return 301 https://www.domain.com$request_uri;
}

server {
    listen          443 ssl;
    server_name     www.domain.com;

    root                            /home/deploy/app/current/public;
    passenger_enabled               on;
    passenger_app_env               production;
    passenger_set_cgi_param         HTTP_X_FORWARDED_PROTO https;

    ssl                             on;
    ssl_certificate                 /etc/ssl/domain-ssl.crt;
    ssl_certificate_key             /etc/ssl/domain.key;
    ssl_session_timeout             5m;
    ssl_protocols                   SSLv2 SSLv3 TLSv1;
    ssl_ciphers                     HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers       on;
}

passenger_pre_start https://www.domain.com;

什么有效:

• 裸域被重定向到安全的https://www
• http://www 域被重定向到安全的 https://www
• https:// www 作品

• naked domain gets redirected to secure https://www
• http://www domain gets redirected to secure https://www
• https:// www works

什么不是:

• Naked https:// 不起作用，浏览器抛出找不到服务器

• Naked https:// doesn't work, browsers throws a server not found

基本上我想将所有流量重定向到安全的 https://www.domain.com.我在这里错过了什么?

Basically I want to redirect all traffic to the secure https://www.domain.com. What am I missing here?

推荐答案

如果您没有用于从 重定向的 domain.com 的证书https://domain.com 到 https://www.domain.com 将不起作用，因为在浏览器获得重定向之前，它必须成功建立 SSL 连接(https 是 SSL 内的 http)，并且由于证书不匹配而失败.

If you don't have a certificate for domain.com redirecting from https://domain.com to https://www.domain.com will not work, because before the browser gets the redirect it has to successfully establish the SSL connection (https is http inside SSL) and this fails because the certificate does not match.

这篇关于Nginx 将 http://www 和裸 http/https 重定向到 https://www的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！