Nginx -使用TLC/SSL强制WWW

Question

我想在我的网站上强制使用ssl，并将非www重定向到www。我阅读了很多指南，并尝试了示例配置，但没有完全工作。在我的配置中，它给了我太多的重定向错误

这是我的配置

    server {
            listen 80 default_server;
            listen [::]:80 default_server;

            # SSL configuration
            #
            server_name  mydomainname.com www.mydomainname.com;
            return 301 https://www.mydomainname.com$request_uri;
    }

    server {
            listen 443 ssl http2;
            listen [::]:443 ssl default_server;
            include snippets/ssl-mydomainname.com.conf;
            include snippets/ssl-params.conf;
            server_name mydomainname.com;
            return 301 https://www.mydomainname.com$request_uri;
            #
            # Note: You should disable gzip for SSL traffic.
            # See: https://bugs.debian.org/773332
            #
            # Read up on ssl_ciphers to ensure a secure configuration.
            # See: https://bugs.debian.org/765782
            #
            # Self signed certs generated by the ssl-cert package
            # Don't use them in a production server!
            #
            # include snippets/snakeoil.conf;

            root /var/www/blog;

            # Add index.php to the list if you are using PHP
            index index.html index.htm index.nginx-debian.html;

            server_name _;
     location ~ /.well-known {
                    allow all;
            }
            location / {
                    # First attempt to serve request as file, then
                    # as directory, then fall back to displaying a 404.
                    try_files $uri $uri/ =404;
            }
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ {
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }
            # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
            #
            #location ~ \.php$ {
            #       include snippets/fastcgi-php.conf;
            #
            #       # With php7.0-cgi alone:
            #       fastcgi_pass 127.0.0.1:9000;
            #       # With php7.0-fpm:
            #       fastcgi_pass unix:/run/php/php7.0-fpm.sock;
            #}

            # deny access to .htaccess files, if Apache's document root
            # concurs with nginx's one
            #
            #location ~ /\.ht {
            #       deny all;
            #}
    }

    # Virtual Host configuration for example.com
    #
    # You can move that to a different file under sites-available/ and symlink that
    # to sites-enabled/ to enable it.
    #
    #server {
    #       listen 80;
    #       listen [::]:80;
    #
    #       server_name example.com;
    #
    #       root /var/www/example.com;
    #       index index.html;
    #
    #       location / {
    #               try_files $uri $uri/ =404;
    #       }
    #}

请给我一些建议。

Answer 1

您需要将443服务器块一分为二。例如：

server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    include snippets/ssl-mydomainname.com.conf;
    include snippets/ssl-params.conf;
    return 301 https://www.mydomainname.com$request_uri;
}
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    include snippets/ssl-mydomainname.com.conf;
    include snippets/ssl-params.conf;
    server_name www.mydomainname.com;
    ...
}

因此，默认的安全服务器将重定向到您的安全www服务器。有关详细信息，请参阅this document。这还假设证书对于www服务器名称和非www服务器名称都有效。