我试图将“www”子域重定向到不带“www”的同一路由,但访问该地址时收到以下错误:
您的连接不是私密的 攻击者可能试图从 www.*.com 窃取您的信息(例如密码、消息或信用卡)。了解更多 NET::ERR_CERT_COMMON_NAME_INVALID
不带“www”的子域完全活跃,并使用我使用 Lets Encrypt 制作的 SSL 进行设置(两个版本的子域均在创建 SSL 时注册)。
在“www”域上执行curl 命令时,我成功获得“301 永久移动”。
这是我的 nginx 的配置文件:
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 sitename.com$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name sitename.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/sitename.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitename.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:4000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
最佳答案
已编辑,请参阅评论
您可以尝试更完整的解决方案。使用通配符和改进的重定向。请尝试一下!
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
server_name .sitename.com; # Note the '.' before sitename!
return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .sitename.com;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/sitename.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/sitename.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:4000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
.sitename.com
;
A special wildcard name in the form “.example.org” can be used to match both the exact name “example.org” and the wildcard name “*.example.org”.
关于ssl - 即使应用了重定向,WWW 子域也不 protected ,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/56236234/