nginx - (http / https)非www到www重定向
[英]nginx - (http / https) non-www to www redirection
问题描述
I am have a website running on laravel 5 framework and hosted on DigitalOcean via laravel forge. 
我有一个运行在laravel 5框架上的网站,并通过laravel forge在DigitalOcean上托管。 I have just purchased a simple SSL Certificate from Namecheap for the sake of trying the certificate. 我刚刚从Namecheap购买了一个简单的SSL证书,以便尝试使用证书。 Before installing the certificate everything was fine, i was able to load my website properly. 在安装证书之前一切都很好,我能够正确加载我的网站。 After i install the certificate via Laravel Forge, my site is not loadable anymore (either http or https). 通过Laravel Forge安装证书后,我的网站不再可加载(http或https)。 I have no idea what is happening and from where to start debugging. 我不知道发生了什么以及从哪里开始调试。 Hopefully someone is able to provide me with some assistance. 希望有人能够为我提供一些帮助。
I will provide you as much information as I can in below. 我会在下面为您提供尽可能多的信息。
Nginx.conf via Laravel forge Nginx.conf通过Laravel forge
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
root /home/forge/www.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 128M;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Server Details VPS Provider: DigitalOcean 服务器详细信息 VPS提供商:DigitalOcean
Deployment: Laravel Forge 部署:Laravel Forge
Platform: Ubuntu 14.04 x64 vmlinuz-3.13.0-57-generic 平台:Ubuntu 14.04 x64 vmlinuz-3.13.0-57-generic
Framework: Laravel 5 框架:Laravel 5
Domain reg: Namecheap 域名注册:Namecheap
DNS Svr: ns1,ns2,ns3.digitalocean.com DNS Svr:ns1,ns2,ns3.digitalocean.com
CA: Comodo PositiveSSL CA:Comodo PositiveSSL
Update 1 : according to the buddy below suggested to check iptables, this is what i've got 更新1 :根据下面的伙伴建议检查iptables,这就是我所拥有的
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:https
ACCEPT udp -- anywhere anywhere udp dpt:https
Update 2 : curl -i test does show that the site has now being redirected to a https:// connection. 更新2 :curl -i测试确实显示该站点现在已重定向到https://连接。 But browser says ERR_CONNECTION_CLOSED 但浏览器说ERR_CONNECTION_CLOSED
root@Apocalypse:/etc/nginx/ssl/www.example.com/10784# curl -i http://example.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sat, 01 Aug 2015 09:52:53 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://www.example.com/
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
root@Apocalypse:/etc/nginx/ssl/www.example.com/10784# curl -i http://www.example.com
HTTP/1.1 301 Moved Permanently
Server: nginx/1.8.0
Date: Sat, 01 Aug 2015 09:53:24 GMT
Content-Type: text/html
Content-Length: 184
Connection: keep-alive
Location: https://www.example.com/
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.8.0</center>
</body>
</html>
Update 3 : openssl s_client return with this error 更新3 :openssl s_client返回此错误
openssl s_client -connect www.example.com:443
CONNECTED(00000003)
140000289871520:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:177:
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 295 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---
Update 4 : I have found out the issue.. apparently this line 更新4 :我发现了问题..显然这一行
server {
listen 443 ssl;
server_name example.com;
return 301 $scheme://www.example.com$request_uri;
}
is causing the issue. 造成了这个问题。 once i remove it then everything works like a charm... but now my problem is how should i reroute https://example.com to https://www.example.com ? 一旦我删除它,然后一切就像一个魅力......但现在我的问题是我应该如何重新路由https://example.com到https://www.example.com ? Suppose that the above code is to perform that action. 假设上面的代码是执行该操作。
2 个解决方案
解决方案1
2 已采纳 2015-08-02 09:11:51
Ok so I have resolved the issue. 好的,我已经解决了这个问题。 Now where do I start. 现在我从哪里开始。
First 第一
I would like to clarify that there is no problem with the certificate, Laravel forge and nginx configuration file. 我想澄清一下,证书,Laravel forge和nginx配置文件没有问题。 Everything was well setup and well configured. 一切都设置良好,配置完善。
Second 第二
Like what I have done in my question above, configure your nginx.conf like such: 就像我在上面的问题中所做的那样,配置你的nginx.conf就像这样:
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
return 301 $scheme://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
root /home/forge/www.example.com/public;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 128M;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_log /var/log/nginx/www.example.com-error.log error;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
}
Note that there is one thing I would like you to pay attention on in this section. 请注意,我希望您在本节中注意一件事。 When you are redirecting a https connection (port 433 to port 433), you are required to specify again the certificates and keys to be use. 当您重定向https连接(端口433到端口433)时,您需要再次指定要使用的证书和密钥。 Naturally when the server performs a redirect, a new connection is being established therefore a new handshake sequence is required. 当然,当服务器执行重定向时,正在建立新连接,因此需要新的握手序列。 That is why in my https://example.com redirection 这就是我的https://example.com重定向的原因
server {
listen 443 ssl;
server_name example.com;
# FORGE SSL (DO NOT REMOVE!)
ssl_certificate /etc/nginx/ssl/www.example.com/10772/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/10772/server.key;
return 301 $scheme://www.example.com$request_uri;
}
I would have to re specify the certificates or else the server will drop the connection since there is no credentials to be validated with. 我必须重新指定证书,否则服务器将丢弃连接,因为没有要验证的凭据。 Once you have done with this, you should be half way till completion. 完成此操作后,您应该完成一半。
Third 第三
In order to have a proper redirection, there are a few things you need to check and make sure it is configured properly. 为了获得正确的重定向,您需要检查一些事项并确保其配置正确。
- Domain names to be configured in your DNS provider and your Hosting provider must consist of both www and non-www A(Host) registry and point to the same ip. 要在DNS提供商和托管服务提供商中配置的域名必须包含www和非www A(主机)注册表,并指向相同的IP。
- Make sure that your name servers are able to resolve non-www addresses (with or without https) into your desired address. 确保您的名称服务器能够将非www地址(带或不带https)解析为所需的地址。 Which in my case all
http://example.com,http://www.example.com,https://example.com, intohttps://www.example.com.在我的情况下,所有http://example.com:http://www.example.comhttps://example.comhttp://example.com,进入https://www.example.com。 Performing this check you can use like @Wizzard's suggestioncurl -i http://example.com/执行此检查,您可以使用像@ Wizzard的建议curl -i http://example.com/
Finally 最后
Once everything has been properly configured, you should be on your way to a secured connection browsing. 一切都已正确配置后,您应该开始进行安全的连接浏览。
解决方案2
1 2015-08-01 07:32:44
Can you access the port 80 or port 443? 你可以访问端口80或端口443吗? Try running a curl -i http://example.com/ on your command line, whats the error? 尝试在命令行上运行curl -i http://example.com/ ,该错误是什么?
Can you check the nginx logs? 你能检查nginx日志吗? Is nginx even running, maybe restart it again? nginx是否正在运行,可能会重新启动它?
service nginx restart
What about the firewall, is that open for port 443? 防火墙怎么样,对443端口开放了吗?
Checked iptables if installed? 检查iptables是否已安装?
iptables -L
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.