[英]Redirect non-www to www https nginx (SSL_ERROR_BAD_CERT_DOMAIN)
I just noticed that one of my pages couldn't be accessed on https without www
我只是注意到如果没有
www
就无法在https上访问我的页面之一
So we I have four different scenarios: 所以我们有四种不同的情况:
http://example.com
<- Works http://example.com
<-可以
https://example.com
<- Does not work https://example.com
<- 不起作用
http://www.example.com
Works http://www.example.com
作品
https://www.example.com
Works https://www.example.com
作品
The case is that for every request, independent of what above routes you choose, you should allways end on: https://www.example.com
情况是,对于每个请求,无论您选择哪种上述路线,都应始终以以下
https://www.example.com
结尾: https://www.example.com
: https://www.example.com
I'm not the first having this issue and I tried many scenarios but without any luck (eg. these solutions: here ) 我不是第一个遇到此问题的人,我尝试了许多情况,但没有任何运气(例如,这些解决方案: 这里 )
When I try to access https://example.com
I get a SSL_ERROR_BAD_CERT_DOMAIN
. 当我尝试访问
https://example.com
我得到一个SSL_ERROR_BAD_CERT_DOMAIN
。 The certificate is thus only valid for www.example.com
which makes sense. 因此,该证书仅对
www.example.com
有效。 But I also have another certificate valid for example.com
. 但是我还有另一个对
example.com
有效的证书。
For know my NGINX setup looks like this: 众所周知,我的NGINX设置如下所示:
server {
listen 443 ssl;
server_name example.com
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 default_server ssl;
server_name www.example.com;
root /home/build/;
index index.html index.htm;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
location / {
try_files $uri /index.html;
}
}
server {
listen 80;
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
}
I've been using NGINX for a while and have actually never noticed, until lately, that I've had that problem. 我使用NGINX已有一段时间了,实际上直到最近我才意识到我遇到了这个问题。 I know that I could serve the page both with and without
www
and that would solve the problem. 我知道我可以在有和没有
www
情况下提供该页面,这将解决问题。 But I wish that every interaction should be on www.example.com
and not without the www
. 但我希望每次互动都应在
www.example.com
而不要没有www
。
I'm running NGINX version 1.14.0 on a Ubuntu 18.04. 我正在Ubuntu 18.04上运行NGINX版本1.14.0。
All help is appriciated. 所有帮助均已申请。
If anyone should be interested I solved the issue. 如果有人有兴趣,我就解决了这个问题。
Instead of having multiple certificates I got a wildcard certificate and added the root domain to it as well. 我没有使用多个证书,而是获得了通配符证书,并向其中添加了根域。
Since LetsEncrypt, as I use in this case, also provides free wildcard certificates all of my sub domains and root domain can use the same certificate instead. 因为在本例中使用的LetsEncrypt还提供了免费的通配符证书,所以我的所有子域和根域都可以使用相同的证书。
After installing my wildcard certificate my NGINX file looks like this: 安装通配符证书后,我的NGINX文件如下所示:
server {
listen 443 default_server ssl;
server_name www.example.com;
root /home/build/;
index index.html index.htm;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
try_files $uri /index.html;
}
}
server {
server_name www.example.com example.com;
return 301 https://www.example.com$request_uri;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host = example.com) {
return 301 https://$host$request_uri;
}
if ($host ~ ^[^.]+\.example\.com$) {
return 301 https://$host$request_uri;
}
listen 80;
server_name www.example.com example.com;
return 404;
}
It should be said that the last part of the code is very much inspired by certbot
's setup. 应该说,代码的最后部分很大程度上受
certbot
设置的启发。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.