I want to redirect https://*.example.com to https://www.example.com (* being any subdomain).
My Nginx configuration (unrelated lines removed):
server {
server_name www.example.com;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/vpsuser/example/example;
}
location / {
include proxy_params;
proxy_pass http://unix:/run/gunicorn.sock;
}
listen 443 http2 ssl; # managed by Certbot
listen [::]:443 http2 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 443 http2 ssl;
listen [::]:443 http2 ssl;
server_name example.com *.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
return 301 https://www.example.com$request_uri;
}
When I go to https://s.example.com no redirection happens and browser displays "this connections isn't secure". My code for same logic for http works without any problem.
And when I enter https://example.com it redirects to https://www.example.com successfully.
I tried return 404 to see if it is really done by the same code block and I got 404 page. So, why it redirects https://example.com but not https://*.example.com? How can I solve it?
I am using Django. Just saying if there can be any relation.
Related
I have my below nginx config, I'm trying to redirect everything to https://www regardless of what comes in for example http://example.com, http://www.example.com or https://example.com.
I've looked at numerous topics on SO and tried a couple of things but still stumped, I can't ever get https://example.com to redirect to the https://www pattern!?
server {
listen 80;
listen 443 ssl;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_dhparam /etc/nginx/ssl/dhparams.pem;
ssl_session_timeout 30m;
ssl_session_cache shared:SSL:10m;
ssl_buffer_size 8k;
add_header Strict-Transport-Security max-age=31536000;
root /usr/share/nginx/html;
# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
Make one server block a default server and give the other server block the one true server_name.
server {
listen 80 default_server;
listen 443 ssl default_server;
ssl_certificate ...;
ssl_certificate_key ...;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
ssl_certificate ...;
ssl_certificate_key ...;
...
}
The default server for https requires a valid certificate. Assuming you have a wildcard certificate - most of the ssl_ statements could be moved into the outer block and be inherited by both server blocks. For example:
ssl_certificate ...;
ssl_certificate_key ...;
ssl_...;
server {
listen 80 default_server;
listen 443 ssl default_server;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl;
server_name www.example.com;
...
}
See this document for more.
I have a subdomain https://test.shop.com, I'm running a Nginx server and it's working fine. But I have to accept the request with https://test.shop.com:8080/graphql/ and redirect to http://127.0.0.1:8000 to the same machine. I've added this block
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
But when I try to access https://test.shop.com:8080/graphql/ from the browser it shows me This site can’t be reached seems something to do with dns. Although I can access https://test.shop.com/graphql/ and it works fine.
My whole config file is
server {
server_name test.shop.com;
root /var/www/html/test;
index index.html;
location / {
try_files $uri $uri/ /index.html?$args;
}
# dashboard app
location /dashboard/ {
try_files $uri $uri/ /dashboard/index.html?$args;
}
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/test.shop.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.shop.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = test.shop.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name test.shop.com;
return 404; # managed by Certbot
}
You must create new virtualhost and listen that virtualhost to port 8080.
server {
listen 8080 ssl;
server_name test.shop.com;
root /var/www/html/test;
index index.html;
location /graphql/ {
proxy_pass http://127.0.0.1:8000;
}
ssl_certificate /etc/letsencrypt/live/test.shop.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/test.shop.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I found an answer here but still can make it work, I want just the same thing as him:
https://example.com
https://www.example.com
http://example.com
http://www.example.com
example.com
www.example.com
to all redirect to `https://example.com`
here is my config file
server {
server_name example.com www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
server_name example.com;
# listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = example.com) {
return 301 https://example.com$request_uri;
}
server_name example.com;
listen 80;
listen 443 ssl;
return 404; # managed by Certbot
}
all the redirects are correct except "https://www.example.com", it does not redirect at all.
Where did I do wrong? Please help!
Your cerbot generated configuration looks strange. As mentioned in a comment. Check sudo nginx -t to see if there are any warnings.
To redirect the client request that's sent to https://www.example.com you need a server blog matching www.example.com liste 443 ssl. Please make sure you have the certs including www.example.com as a CN!
In this server blog you can create a redirect with return 301 https://example.com$reuest_uri
Certbot should! generate the right configuration for ssl if your configuration for port 80 (non-ssl) is correct.
server {
server_name example.com;
listen 80;
...
}
server {
server_name www.example.com;
listen 80;
return 301 $scheme://example.com$request_uri;
...
}
This should generate the right ssl configuration using the nginx certbot plugin.
I have the following nginx server block for my domain name example.com. I want to redirect non www to www for the SEO.
Update
According to this answer I used the following server block. But when I test it, I got the following
nginx: [warn] conflicting server name "www.example.com" on 0.0.0.0:80, ignored
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
So, I have the doubt is it correct or not and Whether it actually redirects the non www to www, please.
/etc/nginx/sites-available/example.com
server {
server_name www.example.com;
rewrite ^(.*) https://www.example.com$1 permanent;
}
server {
root /var/www/abc-company-website/public;
index index.php index.html index.htm index.nginx-debian.html;
server_name example.com;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
#Cache-Control
location ~* \.(?:ico|ttf|png|svg|jpg|jpeg|js)$
{
expires 7d;
add_header Pragma public;
add_header Cache-Control "public";
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
How can I change the above server block to redirect, please?
It's in the best practices of nginx not to use if (even more of a reason if you are using it for $host), it's better to use server brackets with different server_name.
server {
listen 80;
server_name example.org www.example.org;
return 301 https://www.example.org$request_uri;
}
This will send HTTP www and HTTP non-www to HTTPS www
If you have a cert for non-www set a server bracket and redirect to www:
server{
listen 443 ssl;
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
return 301 https://www.example.com$request_uri;
}
And finally you can do whatever you want in the https www.example.com bracket:
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
server_name www.example.com;
# Do whatever you want to do here to get to your application
}
It's better to read the documentation and best practices of nginx, and try to make clean configurations so the next one that comes can understand it on first sight :D
If you've got any question just ask it. (looks like you didn't understand the duplicates given in the comments, so I decided to explain it 1 by 1 for your case)
This nginx config is supposed to redirect
http://example.com
http://www.example.com
https://www.example.com
to https://example.com
server {
server_name example.com;
root {:siteRoot};
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
index index.html;
}
server {
server_name example.com www.example.com;
listen 80;
return 301 https://example.com$request_uri;
}
server {
server_name www.example.com;
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
return 301 https://example.com$request_uri;
}
It works fine, but can it be merged somehow to avoid all the duplicate code ?
server {
server_name www.example.com example.com;
root {:siteRoot};
listen 443 ssl;
listen 80;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
if ($scheme = http) {
return 301 https://example.com$request_uri;
}
if ($host = 'www.example.com') {
return 301 https://example.com$request_uri;
}
index index.html;
}
As I commented, I like to separate in servers my different options in nginx, as I think of it not as "code". But I think what What I just wrote should work for you if you want to have it all in the same server. I'm setting up a virtual server to check if the "ifs" written work as intended, as the concept is right, but I need to check the code in depth.