Nginx Redirect of HTTP to HTTPS partially working

My objective is to redirect my web site like this:

http://EXAMPLE.com/ to https://EXAMPLE.com/ (working)

http://www.EXAMPLE.com/ to https://EXAMPLE.com/ (not working). This one is currently redirecting to https://www.EXAMPLE.com/.

In addition, even though I didn't define api.EXAMPLE.com in the server section below, when I enter the URL as http://api.EXAMPLE.com/, it gets redirected to https://api.EXAMPLE.com/. I believe this has to do with the DNS record resolving to the same IP address. I would rather it show page not found instead of redirecting.

DNS Records:

    Type  Name  Value          TTL
    A     @     35.161.XX.XX   600 seconds
    A     api   35.161.XX.XX   1 Hour
    A     www   35.161.XX.XX   1 Hour

And the Nginx configuration file:

    # For more information on configuration, see:
    #   * Official English Documentation: http://nginx.org/en/docs/
    #   * Official Russian Documentation: http://nginx.org/ru/docs/

    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log;
    pid /var/run/nginx.pid;

    # Load dynamic modules. See /usr/share/nginx/README.dynamic.
    include /usr/share/nginx/modules/*.conf;

    events {
        worker_connections 1024;
    }

    http {
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        access_log /var/log/nginx/access.log main;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        #keepalive_timeout 65;
        keepalive_timeout 15;
        types_hash_max_size 2048;

        # Enable HTTPS by default on all our websites
        #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains";

        #php max upload limit cannot be larger than this
        client_max_body_size 40m;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        # Load modular configuration files from the /etc/nginx/conf.d directory.
        # See http://nginx.org/en/docs/ngx_core_module.html#include
        # for more information.
        include /etc/nginx/conf.d/*.conf;

        index index.php index.html index.htm;

        # Upstream to abstract backend connection(s) for PHP.
        upstream php {
            #this should match value of "listen" directive in php-fpm pool
            server unix:/tmp/php-fpm.sock;
            #server 127.0.0.1:9000;
        }

        # Redirect unsecured port 80 traffic (http://) to port 443 (https://)
        server {
            listen 80 default_server;
            listen [::]:80 default_server;
            server_name EXAMPLE.com www.EXAMPLE.com;
            #return 301 $scheme://EXAMPLE.com$request_uri;
            #return 301 https://$host$request_uri;
            return 301 https://EXAMPLE.com$request_uri;
        }

        #server {
        #    listen 80 default_server;
        #    listen [::]:80 default_server;
            #server_name localhost;
        #    server_name EXAMPLE.com;
            #root /usr/share/nginx/html;
        #    root /var/www/nginx;

            # Load configuration files for the default server block.
        #    include /etc/nginx/default.d/*.conf;

            # proxy the PHP scripts to Apache listening on 127.0.0.1:80
            #
            #location ~ \\.php$ {
            #    proxy_pass http://127.0.0.1;
            #}
        #}

        # Settings for a TLS enabled server.
        server {
            listen 443 ssl http2 default_server;
            listen [::]:443 ssl http2 default_server;
            server_name EXAMPLE.com;
            root /var/www/nginx;

            #For Basic Auth
            auth_basic "Restricted";
            auth_basic_user_file /var/www/nginx/.htpasswd;

            #ssl_certificate "/etc/pki/tls/certs/EXAMPLE.crt";
            #ssl_certificate_key "/etc/pki/tls/private/EXAMPLE.key";
            ssl_certificate "/etc/letsencrypt/live/EXAMPLE.com/cert.pem";
            ssl_certificate_key "/etc/letsencrypt/live/EXAMPLE.com/privkey.pem";

            # It is *strongly* recommended to generate unique DH parameters
            # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048
            #ssl_dhparam "/etc/pki/nginx/dhparams.pem";
            ssl_dhparam "/etc/pki/tls/dhparams.pem";

            ssl_session_cache shared:SSL:1m;
            ssl_session_timeout 10m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
            ssl_prefer_server_ciphers on;

            # Load configuration files for the default server block.
            include /etc/nginx/default.d/*.conf;
        }
    }

Based on the lead from Richard, here is how I erased the HTTP Strict Transport Security history from Chrome:

  1. In the Query Domain section, I entered my domain and sub-domains: example.com, www.example.com, db.example.com, api.example.com to see if they were listed.
  2. Then I entered those I found into the Delete Domain section and pressed Delete.
  3. I entered http://www.example.com into the browser's location field and pressed Enter. It redirected to https://example.com.
  4. I also tried http://db.example.com and http://api.example.com and both were redirected to https://example.com. I'm curious why these got redirected since I didn't have a server section for them in nginx.conf. Is it because it resolved to the same IP?
  5. Lastly, I tried http://what.example.com and got a "Can't reach this page" error, which is right.

chrome://net-internals/#hsts
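Added example (not part of the original post): one way to get the behaviour the question asks for. nginx hands any request whose Host header matches no `server_name` to the `default_server` for that port, so here the catch-all becomes its own block returning 404 and the redirects are bound to explicit names. It assumes the certificate also covers www.EXAMPLE.com and that the question's remaining `ssl_*` directives carry over unchanged.

```nginx
# Added example; goes inside the existing http { } block in place of the
# question's server blocks. Paths and names are those from the question.

# Declared once at http level so every TLS server below inherits them.
# Assumption: the certificate also covers www.EXAMPLE.com.
ssl_certificate     "/etc/letsencrypt/live/EXAMPLE.com/cert.pem";
ssl_certificate_key "/etc/letsencrypt/live/EXAMPLE.com/privkey.pem";

# Catch-all: requests whose Host header matches no server_name on these ports
# (api.EXAMPLE.com, db.EXAMPLE.com, the bare IP) end up here and get a 404.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name _;
    return 404;
}

# Plain HTTP for the two public names: redirect to the canonical host.
server {
    listen 80;
    listen [::]:80;
    server_name EXAMPLE.com www.EXAMPLE.com;
    return 301 https://EXAMPLE.com$request_uri;
}

# https://www.EXAMPLE.com/ -> https://EXAMPLE.com/. A browser holding an HSTS
# entry for www upgrades to HTTPS itself, so the port-80 redirect never runs.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.EXAMPLE.com;
    return 301 https://EXAMPLE.com$request_uri;
}

# The site itself, now matched by name only.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name EXAMPLE.com;
    root /var/www/nginx;
    auth_basic "Restricted";
    auth_basic_user_file /var/www/nginx/.htpasswd;
    include /etc/nginx/default.d/*.conf;
}
```

Check the syntax with `nginx -t` before reloading.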
