如何将https从一个域重定向到另一个域的https?
我拥有指向NS服务器中相同IP /网站的三个域:
我只为最初为第一个域颁发的一个SSL许可证付费,所以当我购买第二个域时,我将所有流量重定向到https://example1.com
最近,我想将所有呼叫重定向到一个新域:https://example3.com。我为新域重新发行了旧的SSL许可证,并成功安装了它。最后一部分是将所有流量重定向到新域。
现在,来自http的所有流量都可以很好地重定向,但是http s (https://example1.com和https://example2.com)根本没有定向,从而导致工作“不安全”页。
当我尝试收听443 SSL
并将其从1&2名称服务器重定向到第三个名称服务器并运行service nginx restart
时,我得到:
Job for nginx.service failed because the control process exited with error code. See "systemctl status nginx.service" and "journalctl -xe" for details.
运行systemctl status nginx.service
时,我得到:
nginx.service - A high performance web server and a reverse proxy server
Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled)
Active: failed (Result: exit-code) since Sun 2020-05-24 17:53:24 UTC; 4min 5s ago
Process: 14068 ExecStop=/sbin/start-stop-daemon --quiet --stop --retry QUIT/5 --pidfile /run/nginx.pid (code=exited, status=0/SUCCESS)
Process: 13952 ExecStart=/usr/sbin/nginx -g daemon on; master_process on; (code=exited, status=0/SUCCESS)
Process: 14073 ExecStartPre=/usr/sbin/nginx -t -q -g daemon on; master_process on; (code=exited, status=1/FAILURE)
Main PID: 13957 (code=exited, status=0/SUCCESS)
我猜我做错了,不允许两次重定向443 SSL
。
这是我的conf,无需重定向https example1.com和example2.com就可以正常工作:
在/etc/nginx/nginx.conf
上,我有include /etc/nginx/sites-enabled/*;
。
在/etc/nginx/sites-enabled/example3.com.conf
上,我这样写:
server {
listen 80;
server_name example3.com wwww.example3.com example1.com www.example1.com example2.com www.example2.com;
rewrite ^/(.*) https://example3.com/$1 permanent;
}
server {
listen 443 ssl;
server_name example3.com;
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/websitessl/example3.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
}
这可能是重复的: HTTPS to HTTPS redirect Nginx 但是我无法使其正常工作。
答案 0 :(得分:0)
感谢@RichardSmith,我了解到,为了在不发出“页面不安全”警告的情况下将HTTPS重定向到HTTPS,您应该将ssl_语句放在服务器块之外,以便将所有域都包括在内。
ssl_certificate /etc/ssl/certs/ssl-bundle.crt;
ssl_certificate_key /etc/ssl/websitessl/example3.com.key;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
server {
listen 80 default_server;
listen 443 ssl default_server;
return 301 https://example3.com$request_uri;
}
server {
listen 443 ssl;
server_name example3.com;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
}