Certbot SSL certificate and http->https + www->non-www redirect too many times error

I am running a Rails app on Linode. I am using nginx on Ubuntu and have successfully created certificates with certbot for both domains (www and non-www). sudo certbot certificates gives the following output:

Saving debug log to /var/log/letsencrypt/letsencrypt.log

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
  Certificate Name: example.com
    Domains: www.example.com
    Expiry Date: 2020-02-19 20:17:51+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/example.com/privkey.pem
  Certificate Name: www.example.com
    Domains: example.com
    Expiry Date: 2020-02-20 07:33:06+00:00 (VALID: 89 days)
    Certificate Path: /etc/letsencrypt/live/www.example.com/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/www.example.com/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

This is the content of my enabled nginx config file:

upstream puma {
  server unix:///home/deploy/apps/example/shared/tmp/sockets/example-puma.sock;
}

server {
  listen 80 default_server deferred;
  # server_name example.com;

  root /home/deploy/apps/example/current/public;
  access_log /home/deploy/apps/example/current/log/nginx.access.log;
  error_log /home/deploy/apps/example/current/log/nginx.error.log info;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}

server {
  listen 80;
  # server_name example.com;
  server_name 172.104.228.105;

  return 301 $scheme://example.com$request_uri;
}

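I want to redirect all traffic to https://non-www.com https://heimlichhamburg.de

The certificate worked for www until I added another certificate for the non-www domain. Now I get the error "redirected you too many times" on www, and "This site can't provide a secure connection".

UPDATED NGINX.CONF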

upstream puma {
  server unix:///home/deploy/apps/wasgehthamburg/shared/tmp/sockets/wasgehthamburg-puma.sock;
}

server {
  listen 80 default_server deferred;
  # server_name example.com;

  root /home/deploy/apps/wasgehthamburg/current/public;
  access_log /home/deploy/apps/wasgehthamburg/current/log/nginx.access.log;
  error_log /home/deploy/apps/wasgehthamburg/current/log/nginx.error.log info;

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  try_files $uri/index.html $uri @puma;
  location @puma {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;

    proxy_pass http://puma;
  }

  error_page 500 502 503 504 /500.html;
  client_max_body_size 10M;
  keepalive_timeout 10;
}

server {
  listen 80;
  # server_name example.com;
  server_name 172.XXX.XXX.105 www.example.org example.org;

  return 301 https://example.org.de$request_uri;
}

server {
    listen 443 ssl http2; #https of www*, 301 to right domain.
    server_name www.heimlichhamburg.de;
    #here the paths to your cert and key
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

    return 301 https://example.org$request_uri;
}

server {
    listen 443 ssl http2;
    server_name example.org;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    #do what you want to do here.
}

First, you can send all http to https, with or without www.

server {
    listen 80; 
    server_name example.org www.example.org;
    return 301 https://example.org$request_uri;
}

If the host is www* and the request comes in over https, redirect to https without www. By the way, here you will use the www.example.com certificate.

server {
    listen 443 ssl http2; #https of www*, 301 to right domain.
    server_name www.example.org;
    #here the paths to your cert and key
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; 
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 

    return 301 https://example.org$request_uri;
}

Finally, if the request arrives with the right scheme and the right host, you can do whatever you want.

server {
    listen 443 ssl http2;
    server_name example.org;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    #do what you want to do here.
}

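One problem I see is that on example.com, on port 80, you are redirecting to scheme:/... , which means the same scheme the request arrived with is used, so it stays http continuously (redirect loop).

If you have any questions, just ask them :D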
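The redirect loop described in the answer above can be reproduced offline. This is an added example, not part of the original post: a small Python model of how nginx picks a server block by port and Host and applies `return 301`. The `LOOPING` block is an assumption (a port-80 server whose server_name matches the bare domain and redirects to `$scheme://...`); `FIXED` mirrors the three blocks from the answer; all function names are illustrative.

```python
from urllib.parse import urlsplit

# Constructed models of nginx server blocks: (port, server_names, redirect target).
# A target of None means the block serves the app instead of redirecting.
LOOPING = [  # assumed: port-80 block matches the bare domain and reuses $scheme
    (80, {"example.org", "www.example.org"}, "$scheme://example.org"),
]
FIXED = [  # the three blocks from the answer
    (80, {"example.org", "www.example.org"}, "https://example.org"),
    (443, {"www.example.org"}, "https://example.org"),
    (443, {"example.org"}, None),
]

def next_hop(blocks, url):
    """Return the Location header nginx would send for url, or None if content is served."""
    parts = urlsplit(url)
    port = 443 if parts.scheme == "https" else 80
    for block_port, names, target in blocks:
        if block_port == port and parts.hostname in names:
            if target is None:
                return None
            # nginx expands $scheme to the scheme of the *incoming* request
            request_uri = (parts.path or "/") + ("?" + parts.query if parts.query else "")
            return target.replace("$scheme", parts.scheme) + request_uri
    raise LookupError(f"no server block matches {url}")

def trace(blocks, url, max_hops=10):
    """Follow 301s from url; return (chain, verdict), verdict being 'ok' or 'loop'."""
    chain = [url]
    for _ in range(max_hops):
        nxt = next_hop(blocks, chain[-1])
        if nxt is None:
            return chain, "ok"
        if nxt in chain:  # same URL seen twice: the browser would give up here
            return chain + [nxt], "loop"
        chain.append(nxt)
    return chain, "loop"

if __name__ == "__main__":
    for name, blocks in (("LOOPING", LOOPING), ("FIXED", FIXED)):
        chain, verdict = trace(blocks, "http://www.example.org/login?next=/")
        print(name, verdict, " -> ".join(chain))
```

Against a live server, the same check is to request each of the four scheme/host combinations and confirm every chain ends at the https non-www URL.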
