Geek Answers Handbook

How to fix HTTP redirect using Nginx?

I have a webpage where HTTP redirects are a bit broken.

The current behavior is as follows:

www.example.com, example.com, http://www.example.com , http://example.com , https://www.example.com are all redirected to https://www.example.com

and

https://example.com receives an error message that refused to connect.

I want the behavior to be like this:

example.com, http://example.com , https://example.com is redirected to https://example.com

www.example.com, http://www.example.com , https://www.example.com is redirected to https://www.example.com

Here is my nginx config file

server { listen 80 default_server; listen [::]:80 default_server; server_name example.com www.example.com; return 301 https://$server_name$request_uri; } server { add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; include snippets/ssl-example.com.conf; include snippets/ssl-params.conf; root /var/www/html; index index.html index.htm index.nginx-debian.html; server_name _; location ~ /.well-known { allow all; } location / { try_files $uri $uri/ =404; } }

The reason is that I want these links to work

https://www.ssllabs.com/ssltest/analyze.html?d=example.com

https://www.ssllabs.com/ssltest/analyze.html?d=www.example.com

https://hstspreload.org/?domain=example.com

https://hstspreload.org/?domain=www.example.com

+7
nginx
source share
2 answers

You have two independent problems:

  • Your requests are redirected to example.com , regardless of which specific domain is originally accessed.

This is because the $server_name variable that you are using is actually a static variable in this server context and is very distant from $http_host .

The correct way would be to use $host (basically this is $http_host with some edge fixing).

  1. When you try to contact https://example.com , but not https://www.example.com , you get a connection problem.

There is not enough information in your question to pinpoint the origin of this problem.

This could be a DNS problem ( A / AAAA of example.com records installed on an IP address where the corresponding bindings to the https port are not created).

This could be a problem with an inappropriate certificate:

  • Does your certificate match both example.com and www.example.com ? If not, then you cannot have both.

  • If you have separate certificates, you may also need to acquire separate IP addresses or risk to prevent a significant number of users from accessing your site due to lack of SNI .

It should be noted that it should also be noted that usually negligent practice does not have a single notation regarding access to your site. Especially if SEO is bothering you, it is best to decide whether you want to go or not www and stick to it.

+3
source

You need something like this:

 server { listen 80 default_server; listen [::]:80 default_server; server_name example.com www.example.com; return 301 https://$host$request_uri; } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name www.example.com; include snippets/ssl-example.com.conf; include snippets/ssl-params.conf; add_header Strict-Transport-Security "max-age=300; includeSubdomains; preload"; return 301 https://www.example.com$request_uri; } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name example.com; root /var/www/html; index index.html index.htm index.nginx-debian.html; include snippets/ssl-example.com.conf; include snippets/ssl-params.conf; add_header Strict-Transport-Security "max-age=300; includeSubdomains; preload"; location ~ /.well-known { allow all; } location / { try_files $uri $uri/ =404; } }

All your inquiries will ultimately be redirected to https://example.com . Your ssl certificate must also be valid for https://www.example.com , which, as you have already noted, is indicated.

+1
source

More articles:


All Articles