Nginx重定向http:// www和裸体http / https到https:// www [英] Nginx redirect http://www and naked http/https to https://www
问题描述
我想重定向以下域的所有流量:
I would like to redirect all traffic from the following domains:
-
http://domain.com
-
http://www.domain.com
-
https://domain.com
http://domain.com
http://www.domain.com
https://domain.com
至
-
https://www.domain.com
https://www.domain.com
我有上述域的SSL证书。它承载了由Passenger提供的Rails应用程序。
I have a SSL certificate for the above domain. It hosts a Rails app, served by Passenger.
为了完成裸域重定向,我在我的DNSimple帐户中设置了一个URL重定向:
To accomplish the naked domain redirect, I've set up an URL redirect in my DNSimple account:
URL domain.com 3600 https://www.domain.com
我的服务器块如下(灵感来自 Nginx no-www to www和www to no-www 等):
My server blocks are as follows (Inspired by Nginx no-www to www and www to no-www amongst others):
server {
listen 80;
listen 443;
server_name domain.com;
ssl on;
ssl_certificate /etc/ssl/domain-ssl.crt;
ssl_certificate_key /etc/ssl/domain.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
server_tokens off;
access_log /dev/null;
error_log /dev/null;
return 301 https://www.domain.com$request_uri;
}
server {
listen 443 ssl;
server_name www.domain.com;
root /home/deploy/app/current/public;
passenger_enabled on;
passenger_app_env production;
passenger_set_cgi_param HTTP_X_FORWARDED_PROTO https;
ssl on;
ssl_certificate /etc/ssl/domain-ssl.crt;
ssl_certificate_key /etc/ssl/domain.key;
ssl_session_timeout 5m;
ssl_protocols SSLv2 SSLv3 TLSv1;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
}
passenger_pre_start https://www.domain.com;
有用:
- 裸域被重定向到安全
https:// www
-
http:// www
域被重定向到安全https:// www
-
https: /
www工作
- naked domain gets redirected to secure
https://www
http://www
domain gets redirected to securehttps://www
https://
www works
什么不是:
- 裸体
https://
不起作用,浏览器会抛出未找到的服务器
- Naked
https://
doesn't work, browsers throws a server not found
基本上我想将所有流量重定向到安全的 https://www.domain.com
。我在这里缺少什么?
Basically I want to redirect all traffic to the secure https://www.domain.com
. What am I missing here?
推荐答案
如果您没有domain.com重定向从 https://domain.com https:/ /www.domain.com 将不起作用,因为在浏览器获得重定向之前,必须成功建立SSL连接(https是SSL内部的http),并且由于证书不匹配而失败。
If you don't have a certificate for domain.com redirecting from https://domain.com to https://www.domain.com will not work, because before the browser gets the redirect it has to successfully establish the SSL connection (https is http inside SSL) and this fails because the certificate does not match.
这篇关于Nginx重定向http:// www和裸体http / https到https:// www的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!