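Configuring the WWW prefix and HTTPS with Nginx

Time: 2018-03-07 16:01:13

Tags: redirect nginx

I want Nginx to redirect all connections to https://domain.xyz (removing the www prefix if needed and always forcing https), for example: http://wwww.domain.xyz/paramdomain.xyz/param should redirect me to https://domain.xyz. To do this, I put the following configuration in the default server: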

server {
        return 301 https://$host$request_uri;

        listen 80 default_server;
        listen [::]:80 default_server;
}

and the "sub-servers":

server {
        root /var/www/html;
        index index.html index.htm index.nginx-debian.html;   
        server_name domain.xyz; 
        location / {
                try_files $uri $uri/ =404;
        }


    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}


server {

        server_name subdomain.domain.xyz;

        location / {
           proxy_pass http://localhost:8080;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header X-Forwarded-Port $server_port;
      }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

So I assumed the default server would do both for me (remove the www prefix and force https), but when I try to open www.domain.xyz, I get this error in the Chrome console:

Redirecting navigation www.domain.xyz -> domain.xyz because the server presented a certificate valid for domain.xyz but not for www.domain.xyz. To disable such redirects launch Chrome with the following flag: --disable-features=SSLCommonNameMismatchHandling

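Apart from that, everything works as expected. Also, as you can see, I use letsencrypt to generate the certificates (for domain.xyz and subdomain.domain.xyz - without the www prefix (!) - maybe that is the reason). To sum up:

  1. Is my configuration right for what I want to achieve?
  2. Should I be worried about the Chrome message?

0 answers:

No answers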
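
An added example, not part of the original question: one set of server blocks that reaches the stated goal, assuming the certificate under /etc/letsencrypt/live/domain.xyz/ has been reissued to also list www.domain.xyz. The redirect in the question uses `$host`, so http://www.domain.xyz is sent to https://www.domain.xyz, where the presented certificate does not cover that name; here the redirects for the apex and www name the canonical host explicitly.

```nginx
# Added example. Assumption: the certificate at the paths below was reissued
# to include www.domain.xyz, e.g.
#   certbot --nginx --expand -d domain.xyz -d www.domain.xyz -d subdomain.domain.xyz

# Port 80, apex and www: go straight to the canonical HTTPS host.
server {
    listen 80;
    listen [::]:80;
    server_name domain.xyz www.domain.xyz;
    return 301 https://domain.xyz$request_uri;
}

# Port 80, every other name (such as subdomain.domain.xyz):
# keep the requested host and only force HTTPS.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
}

# Port 443, www: the TLS handshake completes before nginx can send any
# redirect, so this block must present a certificate valid for www.domain.xyz.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.domain.xyz;

    ssl_certificate /etc/letsencrypt/live/domain.xyz/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.xyz/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    return 301 https://domain.xyz$request_uri;
}
```

The two existing 443 blocks for domain.xyz and subdomain.domain.xyz stay as they are. After `nginx -t` and a reload, `curl -sI https://www.domain.xyz/param` should show a 301 with `Location: https://domain.xyz/param` and no certificate warning.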