在Ubuntu 16.04上使用ssl从www重定向到在Nginx中不起作用的非www

时间:2019-01-09 15:11:01

标签: ssl nginx redirect

我在DigitalOcean Ubuntu 16.04 Droplet上有一个Meteor 1.6站点,该站点使用Phusion Passenger和Nginx进行了部署。

我已经在服务器上设置了ssl。

http://mysite重定向到https://mysite,该站点可以正常运行。

然而,http://www.mysite重定向到https://mysite,显示的只是默认的Nginx页面“欢迎使用nginx!”。

我已按照教程进行操作,并尝试了其他论坛帖子中的内容,但找不到我的设置有什么问题。

DigitalOcean控制面板中的DNS记录:

A   www.mysite.org directs to xxx.xx.xx.xx 3600
A   mysite.org directs to xxx.xx.xx.xx 1800

然后按照本教程使用Certbot和LetsEncrypt配置ssl: https://www.digitalocean.com/community/tutorials/how-to-set-up-let-s-encrypt-with-nginx-server-blocks-on-ubuntu-16-04

并且按照本教程,我添加了一个服务器块将www重定向到普通域: https://www.digitalocean.com/community/tutorials/how-to-redirect-www-to-non-www-with-nginx-on-ubuntu-14-04

这是我的Nginx配置:

sudo nano /etc/nginx/sites-enabled/mysite.conf

server {
    server_name mysite.org www.mysite.org;

    ...Meteor app config

    # added by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/mysite.org/fullchain.pem$
    ssl_certificate_key /etc/letsencrypt/live/mysite.org/privkey.p$
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# added by me
server {
    server_name www.mysite.org;
    return 301 $scheme://mysite.org$request_uri;
}

# added by Certbot
server {
    if ($host = mysite.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80;
    server_name mysite.org;
    return 404; # managed by Certbot
}

我尝试将其添加到服务器重定向块中,但没有什么不同:

listen 80;
listen 443 ssl;

关于如何使www.mysite-> mysite重定向正常工作的任何想法?谢谢!

更新:我在不同的应用程序上尝试了flaixman的答案,在不同的Droplet上尝试了Django应用程序,并且有效。但是我仍然无法重定向到我的Meteor应用程序上工作。两个站点的A和CNAME记录配置方式都相同。

这是我基于flaixman的答案的流星配置:

server {
    listen 80;
    server_name example.org www.example.org;
    return 301 https://example.org$request_uri;
}

server {
    listen 443 ssl http2; #https of www*, 301 to right domain.
    server_name www.example.org;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    return 301 https://example.org$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.org;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # Tell Nginx and Passenger where your app's 'public' directory is
    root /var/www/example/bundle/public;

    # Turn on Passenger
    passenger_enabled on;
    # Tell Passenger that your app is a Meteor app

    passenger_app_type node;
    passenger_startup_file main.js;

    # Tell your app where MongoDB is
    passenger_env_var MONGO_URL mongodb://localhost:27017/example;
    passenger_env_var MONGO_OPLOG_URL mongodb://localhost:27017/local;

    # Tell your app what its root URL is
    passenger_env_var ROOT_URL http://example.org;
}

在我的nginx错误日志/var/log/nginx/error.log中,我看到以下消息:

2019/01/17 17:30:52 [warn] 7786#7786: conflicting server name "www.example.org" on 0.0.0.0:80, ignored
2019/01/17 17:30:52 [warn] 7786#7786: conflicting server name "www.example.org" on 0.0.0.0:443, ignored
2019/01/17 17:30:52 [warn] 7789#7789: conflicting server name "www.example.org" on 0.0.0.0:80, ignored
2019/01/17 17:30:52 [warn] 7789#7789: conflicting server name "www.example.org" on 0.0.0.0:443, ignored

我希望这意味着我在conf文件中有一个重复的listen指令,但看不到任何内容?我已经检查过ls -a,并且文件夹中没有conf文件的第二个副本。

该错误可能与重定向失败有关,但我看不到是什么原因导致了该错误?

再次编辑:我终于在/ etc / nginx / sites-available / default中找到了重复的监听指令。不知道Certbot是否插入了它们,还是我自己设置服务器时将它们放回原处...总之,注释掉它们似乎已经解决了问题。 Phusion Passenger指令中用于设置服务器块的某些内容可能与LetsEncrypt指令冲突吗?无论如何,nginx错误日志!

2 个答案:

答案 0 :(得分:0)

检查您的DNS设置。 您必须具有CNAME或A条目“ www”。

myvar = results['search-results']['entry'][0]['eid']
print (myvar)

www A   ip

还需要在代码块中添加监听参数

www CNAME   domain.com

编辑:基于评论。

将此添加到您的conf顶部

listen 443 ssl http2;

答案 1 :(得分:0)

Stackoverflow告诉我,mysite不是一个适合用作示例的域,因此我将所有内容都更改为“ example”而不是“ mysite”

我想您想要的就是将所有内容重定向到https example.org,不是吗?这是您的代码应如下所示:

来自http的请求,主机以www *还是不带www都没有关系。一切都将在没有www的情况下通过https重定向到主机。

server {
    listen 80; 
    server_name example.org www.example.org;
    return 301 https://example.org$request_uri;
}

如果主机是www *并且通过https进行访问,请重定向到不带www的https。顺便说一下,这里您将需要使用www.example.org的证书,因为没有证书,连接是不安全的。

server {
    listen 443 ssl http2; #https of www*, 301 to right domain.
    server_name www.example.org;
    #are you sure those 2 paths are right? with the final $.
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem$
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.p$
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

    return 301 https://example.org$request_uri;
}

最后,如果它带有正确的方案和正确的主机,则可以执行您想要的任何事情。

server {
    listen 443 ssl http2;
    server_name example.org;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem$
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.p$
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    #do what you want to do here.
}

如果您对自己的解释有任何疑问或想念的地方,只需评论一下,我会尽快修复。