Вопросы Теги

Como forçar o roteamento não www -> www para subpastas no Nginx?

Meu site é habilitado para SSL e é chamado de schandillia.com. E meu objetivo é forçar todo o acesso através de https: //www.schandillia.com...both para a página inicial, bem como outras páginas. A seguir está a aparência do meu Nginx conf : 

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
  return 301 https://$host$request_uri;
}

server {
  listen 443 default_server ssl http2; # spdy is a more performant alternative to http2
  listen [::]:443 ssl http2; # spdy is a more performant alternative to http2
  server_name  .schandillia.com;

  location / {
    proxy_pass http://127.0.0.1:3000;
    charset UTF-8;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}

Esta configuração permite o seguinte:

http://schandillia.com -> https: //www.schandillia. com schandillia.com -> https://www.schandillia.com www.schandillia.com -> https://www.schandillia.com

No entanto, não impõe www em sub-rotas, por exemplo, schandillia.com/about, etc. O que precisa ser alterado em minhas diretivas de configuração?

Atualização : Aqui está todo o fragmento de .conf para referência: 

# read more here http://tautt.com/best-nginx-configuration-for-security/

# don't send the nginx version number in error pages and Server header
server_tokens off;

include /etc/nginx/sites-available/snippets/ssl-config.conf; # importing ssl configurations

# redirect all http traffic to https
server {
  listen 80 default_server;
  listen [::]:80 default_server;
  # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
  # return 301 https://$host$request_uri;
  return 301 https://www.schandillia.com$request_uri;
}

server {
  listen 443 default_server ssl http2; # spdy is a more performant alternative to http2
  listen [::]:443 ssl http2; # spdy is a more performant alternative to http2
  server_name  .schandillia.com;

  # enable server-side protection from BEAST attacks
  # http://blog.ivanristic.com/2013/09/is-beast-still-a-threat.html
  ssl_prefer_server_ciphers on;
  # disable SSLv3(enabled by default since nginx 0.8.19) since it's less secure then TLS http://en.wikipedia.org/wiki/Secure_Sockets_Layer#SSL_3.0
  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  # ciphers chosen for forward secrecy and compatibility
  # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html
  # ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
  ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

  # ... the rest of your configuration
  location / {
    proxy_pass http://127.0.0.1:3000;
    charset UTF-8;
    include /etc/nginx/sites-available/snippets/proxy.conf; # importing proxy configurations
  }
  location ^~ /android-chrome- {
    proxy_pass http://127.0.0.1:3000/static/brand/favicons/android-chrome-;
    include /etc/nginx/sites-available/snippets/static-config.conf; # importing static assets configurations
  }
  location ^~ /apple-touch-icon {
    proxy_pass http://127.0.0.1:3000/static/brand/favicons/apple-touch-icon;
    include /etc/nginx/sites-available/snippets/static-config.conf; # importing static assets configurations
  }
  location ^~ /favicon {
    proxy_pass http://127.0.0.1:3000/static/brand/favicons/favicon;
    include /etc/nginx/sites-available/snippets/static-config.conf; # importing static assets configurations
  }
  location ^~ /mstile- {
    proxy_pass http://127.0.0.1:3000/static/brand/favicons/mstile-;
    include /etc/nginx/sites-available/snippets/static-config.conf; # importing static assets configurations
  }
  location ^~ /browserconfig.xml {
    proxy_pass http://127.0.0.1:3000/static/brand/favicons/browserconfig.xml;
    include /etc/nginx/sites-available/snippets/static-config.conf; # importing static assets configurations
  }
  # location = /android-chrome-192x192.png {
  #   proxy_pass http://127.0.0.1:3000/static/brand/favicons/android-chrome-192x192.png;
  #   expires 365d;
  #   add_header Pragma public;
  #   add_header Cache-Control "public";
  # }
  # location = /android-chrome-512x512.png {
  #   proxy_pass http://127.0.0.1:3000/static/brand/favicons/android-chrome-512x512.png;
  #   expires 365d;
  #   add_header Pragma public;
  #   add_header Cache-Control "public";
  # }
  location ~* \.(?:ico|svg|woff|woff2|ttf|otf|css|js|gif|jpe?g|png)$ {
   proxy_pass http://127.0.0.1:3000;
   include /etc/nginx/sites-available/snippets/proxy.conf; # importing proxy configurations
   include /etc/nginx/sites-available/snippets/static-config.conf; # static assets location configurations
  }
}

# for subdomain dev
server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;
  server_name dev.schandillia.com;

  # Route for /
  location / {
    proxy_pass http://127.0.0.1:9001;
    include /etc/nginx/sites-available/snippets/proxy.conf; # importing proxy configurations
  }
}

Espero que isso ajude.

2
задан 3 April 2019 в 19:39
1 ответ

В настоящее время выполняется перенаправление только с http на https . У вас нет перенаправления с https на https .

Вы можете разделить listen 443 ssl default_server и server_name www.example.com на два отдельных блока.Вы можете использовать тот же блок server для своего блока listen 80 default_server .

Например: 

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    listen 443 default_server ssl;
    listen [::]:443 default_server ssl;

    return 301 https://www.schandillia.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name  www.example.com;

    ...
}

Любой запрос, который не относится к https: // www. example.com и не обрабатывается другим сервером , блок будет перенаправлен на https://www.example.com .

2
ответ дан 3 December 2019 в 11:23

Теги

Похожие вопросы