我在将非www网址重定向到www和https时遇到了问题。
我想要的是什么:
http://domain.com
http://www.domain.com
https://domain.com
应重定向到https://www.domain.com。
http://api.domain.com
应重定向到https://api.domain.com
我有domain.com和api.domain.com的seperata ssl键。 api.domain.com的SSL设置通过node.js应用程序处理。此外,domain.com使用根文档,api.domain.com使用proxy_pass到端口1336上的node.js应用程序。
我尝试了什么:
# route non ssl api to ssl
server {
listen 80;
server_name api.domain.com;
return 301 https://api.domain.com;
}
# main ssl route for api.domain.com
server {
listen 443 ssl;
server_name api.domain.com;
location / {
proxy_pass https://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
# route non ssl to www ssl
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com;
}
# route non www ssl to ssl
server {
listen 443 ssl;
server_name domain.com;
return 301 https://www.domain.com;
}
# main ssl route for domain.com
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
server_name www.domain.com;
location / {
root /var/www/domain.com/www;
}
}
按预期工作的路线: https://www.domain.com http://domain.com http://www.domain.com
不工作:
https://domain.com - >不安全的连接,因为它试图使用来自api.domain.com的证书(这可能是缓存的,因为我可能在另一种方式之前尝试过它,这是错误的)
https://api.domain.com->重定向到https://domain.com
http://api.domain.com - >重定向到https://domain.com
nginx版本:nginx / 1.4.6(Ubuntu)
答案 0 :(得分:5)
我可以让它知道了。一个问题是,
的nginx路线listen 443;
server_name www.domain.com;
也在触发https://domain.com。同时禁用Chrome开发者控制台中的缓存进行测试也是一个很大的帮助。
完整配置:
# main ssl route for www.domain.com
server {
listen 443;
server_name www.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
root /var/www/domain.com/www;
}
# non-www ssl route
server {
listen 443;
server_name domain.com;
return 301 https://www.domain.com$request_uri;
}
# route non ssl to www ssl
server {
listen 80;
server_name www.domain.com domain.com;
return 301 https://www.domain.com$request_uri;
}
# route non ssl api to ssl
server {
listen 80;
server_name api.domain.com;
return 301 https://api.domain.com$request_uri;
}
# main ssl route for api.domain.com
server {
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/api.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.domain.com/privkey.pem;
server_name api.domain.com;
location / {
proxy_pass http://localhost:1337;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}