6

Nginx redirect http to https and non www to www

 2 years ago
source link: https://ypereirareis.github.io/blog/2017/02/14/nginx-redirect-http-to-https-non-www-to-www/
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
neoserver,ios ssh client

Docker

Redirect HTTP to HTTPS (http://www.example.com to https://example.com)

server {
	server_name www.example.com;
	listen 80 ;
	access_log /var/log/nginx/access.log vhost;
	return 301 https://$host$request_uri;
}

Redirect non-WWW to WWW (https://example.com to https://www.example.com)

SSL certificate configuration must be defined

  • ssl_certificate /etc/nginx/certs/example.com.crt;
  • ssl_certificate_key /etc/nginx/certs/example.com.key;
  • ssl_dhparam /etc/nginx/certs/example.com.dhparam.pem;
server {
	server_name example.com;
	listen 443 ssl http2 ;
	ssl_certificate /etc/nginx/certs/example.com.crt;
	ssl_certificate_key /etc/nginx/certs/example.com.key;
	ssl_dhparam /etc/nginx/certs/example.com.dhparam.pem;
	return 301 $scheme://www.example.com$request_uri;
}

Redirect http://example.com to https://www.example.com

server {
	listen 80;
	server_name example.com;
	return 301 https://www.example.com$request_uri;
}

We could have merged this configuration with the first one :

server {
  listen 80 ;
  server_name example.com www.example.com;
  return 301 https://$server_name$request_uri;
}

Redirect IP address to domain name

Of course your SSL certificate must be valid for the IP address

server {
  listen 80;
  server_name xxx.xxx.xxx.xxx;
  return 301 https://example.com$request_uri;
}

server {
  server_name xxx.xxx.xxx.xxx;
  listen 443 ssl http2 ;
  ssl_certificate /etc/nginx/certs/example.com.crt;
  ssl_certificate_key /etc/nginx/certs/example.com.key;
  ssl_dhparam /etc/nginx/certs/example.com.dhparam.pem;
  return 301 https://example.com$request_uri;
}

Main config catching https://www.example.com used as a reverse proxy here

server {
	server_name www.example.com;
	listen 443 ssl http2 ;
	access_log /var/log/nginx/access.log vhost;
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
	ssl_prefer_server_ciphers on;
	ssl_session_timeout 5m;
	ssl_session_cache shared:SSL:50m;
	ssl_session_tickets off;
	ssl_certificate /etc/nginx/certs/www.example.com.crt;
	ssl_certificate_key /etc/nginx/certs/www.example.com.key;
	ssl_dhparam /etc/nginx/certs/www.example.com.dhparam.pem;
	add_header Strict-Transport-Security "max-age=31536000";
	include /etc/nginx/vhost.d/default;
	location / {
		proxy_pass http://www.example.com;
	}
}

Nginx redirect http to https and non www to www was published on February 14, 2017.


report

Recommend

About Joyk


Aggregate valuable and interesting links.
Joyk means Joy of geeK