Nginx

在 HTTPS 上將根目錄重定向到 www nginx

  • June 20, 2018

以下是目前狀態:

嘗試了多個配置,仍然得出相同的結果。不確定它是否是配置欄位中的元素順序,如果我只是完全錯誤配置。

配置文件:

server {
   server_name www.example.com example.com 123.123.123.123;


   root /var/www/wdiu-new/web;
   location / {
       # try to serve file directly, fallback to app.php
       try_files $uri /app.php$is_args$args;
   }
   # DEV
   # This rule should only be placed on your development environment
   # In production, don't include this and don't deploy app_dev.php or config.php
   location ~ ^/(app_dev|config)\.php(/|$) {
       fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       include fastcgi_params;
       # When you are using symlinks to link the document root to the
       # current version of your application, you should pass the real
       # application path instead of the path to the symlink to PHP
       # FPM.
       # Otherwise, PHP's OPcache may not properly detect changes to
       # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
       # for more information).
       fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
       fastcgi_param DOCUMENT_ROOT $realpath_root;
   }
   # PROD
   location ~ ^/app\.php(/|$) {
       fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
       fastcgi_split_path_info ^(.+\.php)(/.*)$;
       include fastcgi_params;
       # When you are using symlinks to link the document root to the
       # current version of your application, you should pass the real
       # application path instead of the path to the symlink to PHP
       # FPM.
       # Otherwise, PHP's OPcache may not properly detect changes to
       # your PHP files (see https://github.com/zendtech/ZendOptimizerPlus/issues/126
       # for more information).
       fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
       fastcgi_param DOCUMENT_ROOT $realpath_root;
       # Prevents URIs that include the front controller. This will 404:
       # http://domain.tld/app.php/some-path
       # Remove the internal directive to allow URIs like this
       internal;
   }

   # return 404 for all other php files not matching the front controller
   # this prevents access to other php files you don't want to be accessible.
   location ~ \.php$ {
       return 404;
   }

   error_log /var/log/nginx/project_error.log;
   access_log /var/log/nginx/project_access.log;
# managed by Certbot

   listen 443 ssl; # managed by Certbot
   ssl_certificate /etc/letsencrypt/live/new.example.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/new.example.com/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
   listen 80;
   server_name example.com;
   return 301 https://www.example.com$request_uri;
}


server {
   listen 443 ssl http2;
   listen [::]:443 ssl http2;
   server_name example.com;

   ssl_certificate /etc/letsencrypt/live/new.example.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/new.example.com/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

   location / {
       return 301 https://www.example.com$request_uri;
   }
}


server {

  if ($host = www.example.com) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


   server_name www.example.com 123.123.123.123;
   listen 80;
   return 404; # managed by Certbot
}
server {
   server_name www.example.com example.com 123.123.123.123;

您的第一個伺服器塊正在處理example.com.

您應該刪除該主機名,以便請求example.com落入包含重定向的以下伺服器塊。

(實際上也刪除了 IP 並將其移動到重定向主機,儘管如果您實際嘗試使用,您可能會收到瀏覽器 SSL 警告https://<ip>

我想您希望此塊 將https://example.comserver { listen 80; server_name example.com; return 301 https://www.example.com$request_uri; } 重定向到https://www.example.com

但它不起作用,因為它只在埠 80 上偵聽。

無論如何,您的伺服器 {} 塊中確實有很多冗餘。我建議你組織得更好,否則你會一直遇到麻煩。

引用自:https://serverfault.com/questions/916849