nginx: redirect non-www to www and https for domain.com and subdomain

Date: 2016-07-15 14:14:09

Tags: nginx

I'm having trouble redirecting non-www URLs to www and https.

What I want:

http://domain.com 
http://www.domain.com
https://domain.com

should redirect to https://www.domain.com

http://api.domain.com

should redirect to https://api.domain.com

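I have separate SSL keys for domain.com and api.domain.com. The SSL setup for api.domain.com is handled by the node.js application. Also, domain.com uses a document root, and api.domain.com uses proxy_pass to the node.js application on port 1336.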

What I tried:

# route non ssl api to ssl
server {
    listen 80;
    server_name api.domain.com;
    return 301 https://api.domain.com;
}

# main ssl route for api.domain.com
server {
    listen 443 ssl;

    server_name api.domain.com;

    location / {
        proxy_pass https://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

# route non ssl to www ssl
server {
    listen       80;
    server_name  www.domain.com domain.com;
    return       301 https://www.domain.com;
}

# route non www ssl to ssl
server {
    listen       443 ssl;
    server_name  domain.com;
    return       301 https://www.domain.com;
}

# main ssl route for domain.com
server {
    listen 443 ssl;

    ssl    on;
    ssl_certificate    /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/domain.com/privkey.pem;

    server_name www.domain.com;

    location / {
        root /var/www/domain.com/www;
    }
}

Routes that work as expected: https://www.domain.com http://domain.com http://www.domain.com

Not working:

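https://domain.com -> insecure connection, because it tries to use the certificate from api.domain.com (this may be cached, since I may have tried it the other way around before, which was wrong)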

https://api.domain.com -> redirects to https://domain.com

http://api.domain.com -> redirects to https://domain.com

  

nginx version: nginx/1.4.6 (Ubuntu)

1 Answer:

Answer 0: (score: 5)

I got it working. One problem was that the nginx route for

listen 443;
server_name www.domain.com;

was also triggering for https://domain.com. Disabling the cache in the Chrome developer console for testing was also a big help.

完整配置:

# main ssl route for www.domain.com
server {
    listen 443;
    server_name www.domain.com;

    ssl on;
    ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

    root /var/www/domain.com/www;
}

# non-www ssl route
server {
    listen 443;
    server_name domain.com;

    return 301 https://www.domain.com$request_uri;
}

# route non ssl to www ssl
server {
    listen       80;
    server_name  www.domain.com domain.com;
    return       301 https://www.domain.com$request_uri;
}

# route non ssl api to ssl
server {
    listen 80;
    server_name api.domain.com;
    return 301 https://api.domain.com$request_uri;
}

# main ssl route for api.domain.com
server {
    listen 443 ssl;

    ssl    on;
    ssl_certificate    /etc/letsencrypt/live/api.domain.com/fullchain.pem;
    ssl_certificate_key    /etc/letsencrypt/live/api.domain.com/privkey.pem;

    server_name api.domain.com;

    location / {
        proxy_pass http://localhost:1337;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}
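
An added example, not part of the original answer: the domain.com / www.domain.com blocks written with `listen 443 ssl` on every TLS server block and a certificate on the redirect-only block, because the TLS handshake for https://domain.com completes before nginx can send the 301. It assumes the certificate under /etc/letsencrypt/live/domain.com is valid for both domain.com and www.domain.com; the port-80 catch-all is an assumption of this example, and the two api.domain.com blocks stay as in the answer.

```nginx
# Constructed example; hostnames and paths are the ones used on this page.

# Catch-all for port 80 (assumption of this example): requests whose Host
# matches no server_name land here instead of in the first block defined.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # close the connection without sending a response
}

# http://domain.com and http://www.domain.com -> https://www.domain.com
# The target host is hard-coded rather than taken from $host, so the
# redirect cannot be steered by a client-supplied Host header.
server {
    listen 80;
    server_name domain.com www.domain.com;
    return 301 https://www.domain.com$request_uri;
}

# https://domain.com -> https://www.domain.com
# This block terminates TLS itself, so it carries a certificate that is
# valid for domain.com (assumed: the same certificate as www.domain.com).
server {
    listen 443 ssl;
    server_name domain.com;

    ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

    return 301 https://www.domain.com$request_uri;
}

# https://www.domain.com: the static site
server {
    listen 443 ssl;
    server_name www.domain.com;

    ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

    root /var/www/domain.com/www;
}
```

On port 443 a name that matches no `server_name` still falls through to the first `listen 443 ssl` block defined, which is how a browser ends up seeing another host's certificate.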