我遇到此配置问题:
#=========================#
# domain settings #
#=========================#
# Catch http://domain, and http://www.domain
server {
listen 80;
server_name www.domain domain;
# Redirect to https://domain
return 301 https://domain$request_uri;
}
# Catch https://www.domain
server {
listen 443;
server_name www.domain;
# Redirect to https://domain
return 301 https://domain$request_uri;
}
# Catch https://domain
server {
listen 443;
server_name domain;
root /usr/share/nginx/domain;
index index.html index.htm;
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ =404;
}
}
第3台服务器指令有问题。我收到SSL连接错误。但当我评论我们的那一节时一切正常。但我希望www通过https重定向到非www
有人能发现问题吗?
答案 0 :(得分:2)
添加
ssl on;
ssl_certificate /etc/nginx/ssl/server.crt;
ssl_certificate_key /etc/nginx/ssl/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers "HIGH:!aNULL:!MD5 or HIGH:!aNULL:!MD5:!3DES";
ssl_prefer_server_ciphers on;
在第3个服务器指令中解决了这个问题。
答案 1 :(得分:1)
下面的Nginx配置代码段将使您有效地将所有http流量重定向到https,同时剥离所有可能的www前缀。
这样,您的网站将可以通过https严格访问,并且没有www前缀。
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name www.example.com example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
if ($host = www.example.com) {
return 301 https://example.com$request_uri;
}
server_name www.example.com example.com;
# SSL configuration
# Other configurations
}
关于if is evil,请注意使用if指令是安全的,因为它不在location上下文中使用。