怎么把https://xxx.com 重定向到https://www.xxx.com

mischief

server {

........

listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

server {
  if ($host != www.example.com) {
        return 301 https://www.example.com$request_uri;
    }

  if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen       80;
    server_name  www.example.com example.com;
    return 404; # managed by Certbot

}

cerbot 开启了HSTS（我不知道怎么关闭）
自己加了句
if ($host != www.example.com) {
        return 301 https://www.example.com$request_uri;
    }

但是这样以后发现 https://example.com 无法重定向到https://www.example.com

谢谢各位大佬，求指点

mischief

jimi 发表于 2018-11-28 18:55

你没有listen 443吧
listen 443 ssl; # managed by Certbot
cerbot自己设置到前面的server里的

陈道临

[ol]

server {

  listen 80;

  listen [::]:80;

  listen 443 ssl http2;

  listen [::]:443 ssl http2;

  #ECC

  ssl_certificate /usr/local/nginx/conf/ssl/nyaa.uk_ECC.crt;

  ssl_certificate_key /usr/local/nginx/conf/ssl/nyaa.uk_ECC.key;

  #RSA

  ssl_certificate /usr/local/nginx/conf/ssl/nyaa.uk_RSA.crt;

  ssl_certificate_key /usr/local/nginx/conf/ssl/nyaa.uk_RSA.key;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

  ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;

  ssl_prefer_server_ciphers on;

  ssl_session_timeout 1d;

  ssl_session_cache shared:SSL:50m;

  ssl_session_tickets off;

  ssl_buffer_size 1400;

  add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

  ssl_stapling on;

  ssl_stapling_verify on;

  server_name nyaa.uk www.nyaa.uk;

  access_log /home/wwwlogs/nyaa.uk_nginx.log combined;

  #index index.html index.htm index.php;

  #root /home/wwwroot/nyaa.uk;

  if ($ssl_protocol = "") { return 301 https://$host$request_uri; }

  if ($host != nyaa.uk) {  return 301 $scheme://nyaa.uk$request_uri;  }

  #include /usr/local/nginx/conf/rewrite/none.conf;

  #error_page 404 /404.html;

  #error_page 502 /502.html;

  location / {

    sub_filter_types text/css text/xml application/xhtml+xml application/xml;

    sub_filter nyaa.si nyaa.uk;

    sub_filter_once off;

    proxy_set_header X-Real-IP $remote_addr;

    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

    proxy_set_header Referer https://nyaa.si;

    proxy_set_header Host nyaa.si;

    proxy_pass https://nyaa.si;

    proxy_set_header Accept-Encoding "";

  }

}[/ol]复制代码

看着改

每次醒来

server {
    listen 80;
    server_name XXX.com www.XXX.com;
    return 301 https://www.XXX.com$request_uri;
}
server {
    listen 443 ssl;
    ssl_certificate  /home/ssl/www.XXX.com/www.XXX.com.crt;
    ssl_certificate_key  /home/ssl/www.XXX.com/www.XXX.com.pem;
    server_name XXX.com;
    return 301 https://www.XXX.com$request_uri;
}
server
    {
listen 443 ssl http2;
ssl on;
ssl_certificate  /home/ssl/www.XXX.com/www.XXX.com.crt;
ssl_certificate_key  /home/ssl/www.XXX.com/www.XXX.com.pem;
ssl_protocols TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
        #listen [::]:80;
        server_name www.XXX.com;
        index index.html index.htm index.php default.html default.htm default.php;
        root  /home/wwwroot/www.XXX.com;
此处省略..
}

斜阳晚暮

本帖最后由 斜阳晚暮 于 2018-11-28 19:03 编辑
[ol]

server

    {

        listen 443;

        server_name  xxx.com;

        index index.html index.htm index.php default.html default.htm default.phpp;

        root  /home/wwwroot/xxx;

        ssl on;

        ssl_certificate /home/www/xxx.crt;    #生成的证书

        ssl_certificate_key /home/www/xxx.key;    #生成的密钥

        ssl_session_cache shared:SSL:10m;

        ssl_session_timeout 10m;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

        ssl_stapling on;

        ssl_ciphers "ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA";

        ssl_prefer_server_ciphers on;

        rewrite ^(.*)$ https:/www.xxx.com$1 permanent;

    }

server

    {

        listen 80;

        server_name xxx.com www.xxx.com;

        rewrite ^(.*)$ https://www.xxx.com$1 permanent;

   }

[/ol]复制代码

huaxing0211

http://nginx.org/en/docs/http/converting_rewrite_rules.html

pavilion1019

nginx的话301 重定向

zc035

抛开 软件环境 谈效果。。哎呀！

如果你跑 apache ，就上套了！

mischiefzc035

zc035 发表于 2018-11-28 19:04

抛开 软件环境 谈效果。。哎呀！

如果你跑 apache ，就上套了！
用的 nginx  给cerbot自动设置的.conf绕晕了
mischief 发表于 2018-11-28 19:11

用的 nginx  给cerbot自动设置的.conf绕晕了
语法没错，加的位置错了而已！