nginx 使用 ssl 重定向域
我有一個新域 (my-future-domain.com),我試圖用它來替換我目前的域 (my-current-domain.com)。我在 Ubuntu 上使用 DigitalOcean Nginx 伺服器,並認為我應該採取以下步驟來用我的新域替換目前域,但我之前從未處理過域遷移,這就是為什麼我想就這些步驟提供回饋我打算拿。
**1)**將A記錄指向與目前伺服器關聯的IP,將CNAME指向A記錄
A = my-future-domain.com 指向 100.200.1.90
CNAME = www.my-future-domain.com 是 my-future-domain.com 的別名
**2)**使用 certbot 為 my-future-domain.com 和 www.my-future-domain.com 生成 SSL
sudo certbot --nginx -d my-future-domain.com -d www.my-future-domain.com
3)
2: Redirect - Make all requests redirect to secure HTTPS access.
在 certbot 提示符下選擇4)
server_name
為新域名添加新塊並模仿目前伺服器塊目前區塊:
#This server block will redirect http:// to https://www.my-current-domain.com server { listen 80; listen [::]:80; server_name my-current-domain.com www.my-current-domain.com; return 301 https://www.my-current-domain.com$request_uri; } #This server block will redirect https://my-current-domain.com to https://www.my-current-domain.com (expecting that you have a certificate for my-current-domain.com as well as www.my-current-domain.com server { listen 443 ssl http2; listen [::]:443 ssl http2; include snippets/ssl-www.my-current-domain.com.conf; include snippets/ssl-params.conf; server_name my-current-domain.com; return 301 https://www.$server_name$request_uri; }
新網站塊:
#This server block will redirect http:// to https://www.my-future-domain.com server { listen 80; listen [::]:80; server_name my-future-domain.com www.my-future-domain.com; return 301 https://www.my-future-domain.com$request_uri; } #This server block will redirect https://my-future-domain.com to https://www.my-future-domain.com (expecting that you have a certificate for my-future-domain.com as well as www.my-future-domain.com server { listen 443 ssl http2; listen [::]:443 ssl http2; include snippets/ssl-www.my-future-domain.com.conf; include snippets/ssl-params.conf; server_name my-future-domain.com; return 301 https://www.$server_name$request_uri; }
**5)**將來自 my-current-domain.com 和 www.my-current-domain.com 的流量重定向到 www.my-future-domain.com。我是否從第 4 步更新“目前塊”?
**6)**刪除 my-current-domain.com 的 A 和 CNAME 記錄
有什麼我可能會失去的嗎?
DNS 看起來正確。為了簡化 DNS 請求,您可以將 my-current-domain.com 也設置為 www.my-future-domain.com 的 CNAME,而不僅僅是 www.my-current-domain.com。在舊域到期之前,您不需要刪除 DNS;將其留在原處是無害的。(它也將使任何仍然引用舊域的東西受益。重定向應該處理其餘的。)
我將按如下方式配置您的伺服器塊。
server { listen 80; listen [::]:80; server_name my-future-domain.com www.my-future-domain.com my-current-domain.com www.my-current-domain.com; return 301 https://www.my-future-domain.com$request_uri; } server { listen 443 ssl http2; listen [::]:443 ssl http2; server_name www.my-future-domain.com; …
您可以通過組合兩個伺服器塊來清理程式碼。
如果您追求目前的計劃,如果有人請求http://my-current-domain.com>,他們將被重定向到<https://www.my-current-domain.com然後再次重定向到https://www .my-future-domain.com。您可以通過在初始伺服器塊中執行這一切來節省重定向。