Nginx
Nginx 301 域重定向不起作用
我正在嘗試將我的舊域 ( ) 重定向(或者我猜是轉發)
example.com到我的新域 (example2.com) ,因為我已經更新了我的伺服器配置以適應新域。但是,我的 Nginx 配置中的 301 重定向子句似乎沒有正常工作,因為我仍然能夠訪問example.com,它重定向到https://www.example.com在將此伺服器指向新域之前設置的配置。當https://www.example.com被訪問時,它呈現Your connection is not private這很有意義,因為我將 SSL 配置更改為指向example2.com. 我的 301 配置有問題嗎?如果沒有,是不是我仍然有一個A record (example.com)指向CNAME record (www.example.com)我的 IP 地址,允許通過舊域訪問該站點存在?*注意:*我按預期訪問
example2.com哪個重定向沒有問題https://www.example2.com這是我的 Nginx 配置:
server { listen 80; listen [::]:80; server_name example2.com www.example2.com example.com www.example.com; return 301 https://www.example2.com$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; include snippets/ssl-www.example2.com.conf; include snippets/ssl-params.conf; server_name example2.com; return 301 https://www.$server_name$request_uri; } server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; include snippets/ssl-www.example2.com.conf; include snippets/ssl-params.conf; server_name www.example2.com; client_max_body_size 100M; location ~ ^/\.well-known { root /var/www/ghost; allow all; } location / { proxy_pass http://127.0.0.1:2368; proxy_buffering off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Referer ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; } }
首先,除非您想專門使用它,否則您不必設置 IPv6。像這樣使用你的配置:
server { listen 80; server_name example2.com www.example2.com example.com www.example.com; return 301 https://www.example2.com$request_uri; } server { listen 443 ssl http2; server_name example2.com; return 301 https://www.example2.com$request_uri; } server { listen 443 ssl http2; server_name www.example2.com; ssl_dhparam /etc/nginx/ssl/dhparam.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; ssl_certificate /etc/nginx/ssl/example2.com.crt; ssl_certificate_key /etc/nginx/ssl/example2.com.key; client_max_body_size 100M; location ~ ^/\.well-known { root /var/www/ghost; allow all; } location / { proxy_pass http://127.0.0.1:2368; proxy_buffering off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header Referer ""; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forward-For $proxy_add_x_forwarded_for; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_http_version 1.1; } }另外,不要忘記創建 /etc/nginx/ssl 文件夾和 dhparam.pem 文件。
sudo mkdir /etc/nginx/ssl && sudo openssl dhparam -dsaparam -out /etc/nginx/ssl/dhparam.pem 4096