NGINX Redirct所有流量www和非www http到https://example.com?

时间:2018-12-24 12:42:29

标签: ssl nginx redirect config

我的问题是我想将所有流量https和http,www和非www重定向到https://example.com,但是如果我访问https://example.com的网站,则会收到“您的连接不安全”的信息。

我遵循了这个答案NGINX: redirect non-www https to https://www,但它仅从http重定向到https,而非www重定向到www!

如何将全部重定向到https://?

       server
   {
    listen :80;
    server_name example.com www.example.com ;
    access_log /var/log/nginx/domains/example.com.log;
    access_log /var/log/nginx/domains/example.com.bytes bytes;
    error_log /var/log/nginx/domains/example.com.error.log;
    root /home/admin/domains/example.com/public_html;
    index index.php index.html index.htm;
    include /usr/local/directadmin/data/users/admin/nginx_php.conf;
    include /etc/nginx/webapps.conf;

    return 301 https://$host$request_uri;

   }

   server
   {
     listen :443 ssl http2;
    server_name example.com www.example.com ;
    access_log /var/log/nginx/domains/example.com.log;
    access_log /var/log/nginx/domains/example.com.bytes bytes;
    error_log /var/log/nginx/domains/example.com.error.log;
    root /home/admin/domains/example.com/private_html;
    index index.php index.html index.htm;
    ssl_certificate 
    /usr/local/directadmin/data/users/admin/domains/example.com.cert.combined;
    ssl_certificate_key    
    /usr/local/directadmin/data/users/admin/domains/example.com.key;
    include /usr/local/directadmin/data/users/admin/nginx_php.conf;
    include /etc/nginx/webapps.ssl.conf;
    add_header Strict-Transport-Security "max-age=3411" always; 


   open_file_cache max=200000 inactive=20s; 
   open_file_cache_valid 30s; 
   open_file_cache_min_uses 2;
   open_file_cache_errors on;
   client_header_timeout  3m;
   client_body_timeout    10;
   send_timeout           2;

   client_header_buffer_size    1k;
   large_client_header_buffers  4 4k;

   gzip on;
   gzip_min_length 10240;
   gzip_proxied expired no-cache no-store private auth;
   gzip_types text/plain text/css text/xml text/javascript application/x-      
   javascript    application/json application/xml;
   gzip_disable msie6;

   output_buffers   1 32k;
   postpone_output  1460;

   sendfile         on;
   tcp_nopush       on;
   tcp_nodelay      on;
   send_lowat       12000;

   keepalive_timeout 65;
   keepalive_requests 100000;
   reset_timedout_connection  on;

   server_tokens off;

   client_body_buffer_size 128k;

   client_max_body_size 10m;


    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~* \.(txt|log)$ {
        allow 192.168.0.0/16;
        deny all;
    }

    location ~ \..*/.*\.php$ {
        return 403;
    }

    location ~ ^/sites/.*/private/ {
        return 403;
    }

    location ~ ^/sites/[^/]+/files/.*\.php$ {
        deny all;
    }

    location ~* ^/.well-known/ {
        allow all;
    }

    location ~ (^|/)\. {
        return 403;
    }

    location / {
        try_files $uri /index.php?$query_string; # For Drupal >= 7
        if ($allowed_country = no) {
                return 443;
               }
    }

    location @rewrite {
        rewrite ^/(.*)$ /index.php?q=$1;
    }

    location ~ /vendor/.*\.php$ {
        deny all;
        return 404;
    }


    location ~ '\.php$|^/update.php' {
        fastcgi_split_path_info ^(.+?\.php)(|/.*)$;
        include fastcgi_params;
        fastcgi_param HTTP_PROXY "";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param PATH_INFO $fastcgi_path_info;
        fastcgi_param QUERY_STRING $query_string;
        fastcgi_intercept_errors on;
        #fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
    }

    location ~ ^/sites/.*/files/styles/ { # For Drupal >= 7
        try_files $uri @rewrite;
    }

    location ~ ^(/[a-z\-]+)?/system/files/ { # For Drupal >= 7
        try_files $uri /index.php?$query_string;
    }

       location ~* \.(js|css|png|jpg|jpeg|gif|ico|svg)$ {
        try_files $uri @rewrite;
        expires max;
        log_not_found off;
       }


   }

2 个答案:

答案 0 :(得分:0)

您进行的重定向看起来不错,但是您确定您具有example.com的有效ssl证书并且已正确安装在主机上? “您的连接不安全”消息通常与重定向无关,这是由于证书问题引起的。

答案 1 :(得分:0)

代替此:

    return 301 https://$host$request_uri;

使用:

    return 301 https://$server_name$request_uri;