我正在尝试让我的域名重定向到1个单一的网址。
我拥有.com和.co.uk域名,我希望它是https,我已经设置并正常工作。
目标网址 - https://exam ple.co.uk
即
我当前的配置是:
server {
server_name example.com www.example.com www.example.co.uk example.co.uk;
return 301 https://example.co.uk$request_uri;
}
server {
listen *:443;
server_name example.co.uk;
}
(我的443服务器块还有更多功能,但我觉得这个问题不是必需的。)
我目前所设置的内容适用于以下所有内容:
我哪里错了?
由于 富
编辑:
完整的ssl服务器块。
server {
listen 443;
server_name example.co.uk;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
add_header X-XSS-Protection "1; mode=block";
add_header Referrer-Policy "origin";
access_log /var/log/nginx/example.access.log;
error_log /var/log/nginx/example.error.log;
ssl on;
ssl_certificate /etc/nginx/ssl/example.co.uk.pem;
ssl_certificate_key /etc/nginx/ssl/example.co.uk.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Ssl on;
# Increase the proxy buffers for meteor browser-policy.
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
}
}
编辑2:
我已经开始工作了。不确定它是否是正确的方法。
server {
listen 80;
server_name example.com www.example.com www.example.co.uk example.co.uk;
return 301 https://example.co.uk$request_uri;
}
server {
listen 443 ssl;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/ssl/example.co.uk.pem;
ssl_certificate_key /etc/nginx/ssl/example.co.uk.key;
return 301 https://example.co.uk$request_uri;
}
....
# Then my full ssl server block posted above for example.co.uk
答案 0 :(得分:0)
#catches all http requests
server {
listen 80;
server_name example.com www.example.com www.example.co.uk example.co.uk;
return 301 https://example.co.uk$request_uri;
}
#catches https for example.com
server {
listen 443;
server_name example.com www.example.com;
#ssl setup
return 301 https://example.co.uk$request_uri;
}
#catches https for www.example.co.uk
server {
listen 443;
server_name www.example.co.uk;
#ssl setup
return 301 https://example.co.uk$request_uri;
}
#catches https for example.co.uk
server {
listen 443;
server_name example.co.uk;
#ssl setup
...
}
这应该有用。
对于不同的域,您必须有两个单独的块,因为它们必须返回不同的证书。
答案 1 :(得分:0)
您可以使用letsencrypt创建免费的ssl多域证书。阅读:https://nginx.ru/en/docs/http/server_names.html nginx如何搜索server_name,不要担心重复的example.co.uk与〜^(www。)?示例。*
server {
listen 80;
liste 443 ssl http2;
ssl_certificate /etc/nginx/ssl/fullchain.pem
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
server_name example.co.uk;
location / {
root /var/www/app;
}
}
server {
listen 80;
liste 443 ssl http2;
ssl_certificate /etc/nginx/ssl/fullchain.pem
ssl_certificate_key /etc/nginx/ssl/privkey.pem;
server_name ~^(www\.)?example.*;
return 301 https://example.co.uk;
}