时间戳

首页 > 解决方案 > 修复 http+non-www 到 https+www 重定向的 NGINX 配置

ubuntu - 修复 http+non-www 到 https+www 重定向的 NGINX 配置

问题描述

我正在努力nginx在我的Ubuntu 20.04.1 LTS.

我的目标:拥有一个良好且安全的nginx配置,仅具有将所有http and non-www流量 301 重定向到https+www版本所需的最少行数。

我确实有一个工作配置;但它并不优雅。希望您的帮助有一个我可以引以为豪的良好配置。

server {

        root /var/www/mydomain/public;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Content-Type-Options "nosniff";

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        charset utf-8;

        server_name www.mydomain.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ /index.php?$query_string;
        }

        location ~ \.php$ {
                fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
                fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
                include fastcgi_params;
        }

        location ~ /\.(?!well-known).* {
                deny all;
        }

        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    }
    
    
    server {
        if ($host = mydomain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot


            listen 80;

            server_name mydomain.com;
        return 404; # managed by Certbot


    }server {
        if ($host = www.mydomain.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot


            listen 80 default_server;
            listen [::]:80 default_server;

            server_name www.mydomain.com;
        return 404; # managed by Certbot


    }

标签: ubuntusslnginxcertbot

解决方案

推荐阅读