ubuntu - 修复 http+non-www 到 https+www 重定向的 NGINX 配置
问题描述
我正在努力nginx
在我的Ubuntu 20.04.1 LTS
.
我的目标:拥有一个良好且安全的nginx
配置,仅具有将所有http and non-www
流量 301 重定向到https+www
版本所需的最少行数。
我确实有一个工作配置;但它并不优雅。希望您的帮助有一个我可以引以为豪的良好配置。
server {
root /var/www/mydomain/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
# Add index.php to the list if you are using PHP
index index.php index.html index.htm index.nginx-debian.html;
charset utf-8;
server_name www.mydomain.com;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ /index.php?$query_string;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ /\.(?!well-known).* {
deny all;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mydomain.com;
return 404; # managed by Certbot
}server {
if ($host = www.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name www.mydomain.com;
return 404; # managed by Certbot
}
解决方案
推荐阅读
- azure - 仅来自某些 AppService 的 Azure 存储访问缓慢
- microsoft-teams - 如何拨打电话:适用于自适应卡
- java - 从选择对象设置选项
- apache-spark - java.lang.ClassNotFoundException:找不到类 com.amazon.ws.emr.hadoop.fs.EmrFileSystem
- java - 使用 downloadtask 下载多个 url
- java - 在某些按钮上随机放置文本
- java - REST API:服务中的字段存储库需要一个名为“entityManagerFactory”的 bean,但无法找到
- javascript - 如何使用“数据:文本/纯文本”打印井号?
- heroku - 在带有 .htpasswd 命令的 heroku CLI 中,输入的密码未显示
- ruby - 用户电子邮件为零(Octokit Github API)