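How to redirect non-www to www HTTP/TLS/SSL traffic on Nginx
Date: 2020-01-09 10:39:35 Source: igfitidea
For SEO and other reasons, I want every request for theitroad.local to end up at www.theitroad.local.
I also want all HTTP traffic to go to HTTPS.
When using the Nginx web server, how do I redirect all HTTP/HTTPS non-www traffic (e.g. the domain theitroad.local) to www (e.g. the domain www.theitroad.local)?
Use the HTTP response status code 301 Moved Permanently for the redirect.
It is used for permanent URL redirection, meaning that existing links that use the URL for which the response is received should be updated, both by search engines and in hand-made bookmarks.
This tutorial shows how to redirect non-www URLs to www with the Nginx web server running on Linux or a Unix-like system.
Update the virtual domain config file as follows for HTTP redirection
You need to define two virtual hosts in the config file, as follows: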
## redirect http://theitroad.local to http://www.theitroad.local/
server {
    listen 80;
    access_log off;
    # error_log has no "off" value (nginx would write to a file named "off"); discard via /dev/null
    error_log /dev/null crit;
    server_name theitroad.local;
    return 301 http://www.theitroad.local$request_uri;
}

## Continue below for www.theitroad.local
server {
    listen 80;
    access_log off;
    error_log /dev/null crit;
    server_name www.theitroad.local;
    ## rest of config below ##
}
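Remember that if you use "HTTP Strict Transport Security" (HSTS), you need to redirect all HTTP traffic to the HTTPS/TLS domain.
So edit nginx.conf for your domain, or one of the virtual host files stored in /etc/nginx/sites-enabled/: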
$ sudo vi /etc/nginx/sites-enabled/theitroad.local.conf
Update it as follows:
## redirect http://theitroad.local to https://theitroad.local ##
server {
    listen 80;
    access_log off;
    # error_log has no "off" value (nginx would write to a file named "off"); discard via /dev/null
    error_log /dev/null crit;
    server_name theitroad.local;
    return 301 https://$server_name$request_uri;
}

## redirect www.theitroad.local to https://www.theitroad.local/
server {
    listen 80;
    access_log off;
    error_log /dev/null crit;
    server_name www.theitroad.local;
    return 301 https://$server_name$request_uri;
}
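Save and close the file.
After testing for syntax errors with the -t option, you must reload the nginx server:
$ sudo nginx -t && sudo systemctl reload nginx
Or
$ sudo nginx -t && sudo service nginx reload
See also: how to configure Nginx with a free Let's Encrypt SSL/TLS certificate.
Update the virtual domain config file as follows for HTTPS/TLS redirection
Again, use the vi or vim command to edit nginx.conf for your domain, or one of the virtual host files stored in /etc/nginx/sites-enabled/, as follows: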
## redirect all https://theitroad.local/ to https://www.theitroad.local/
server {
    listen 443 ssl http2;
    access_log off;
    # error_log has no "off" value (nginx would write to a file named "off"); discard via /dev/null
    error_log /dev/null crit;
    server_name theitroad.local;
    # this block also needs ssl_certificate / ssl_certificate_key covering theitroad.local
    # (set here or inherited from the http level)
    return 301 https://www.theitroad.local$request_uri;
}

## define our https://www.theitroad.local/ ##
server {
    listen 443 ssl http2;
    access_log /var/log/nginx/www.theitroad.local_access.log;
    error_log /var/log/nginx/www.theitroad.local_error.log;

    ## server name and root
    server_name www.theitroad.local;
    root /home/lighttpd/theitroad.local/http;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /etc/nginx/ssl/letsencrypt/theitroad.local/theitroad.local.crt;
    ssl_certificate_key /etc/nginx/ssl/letsencrypt/theitroad.local/theitroad.local.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    ssl_dhparam /etc/nginx/ssl/letsencrypt/theitroad.local/dhparams.pem;

    # intermediate configuration. tweak to your needs.
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); remove them unless legacy clients need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security "max-age=15768000" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-Xss-Protection "1";
    add_header X-Whome "l-cbz02";

    # OCSP Stapling
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;

    ## Improves TTFB by using a smaller SSL buffer than the nginx default
    ssl_buffer_size 8k;

    # Directives to send expires headers and turn off 404 error logging.
    location ~* ^.+\.(css|js|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log off;
        log_not_found off;
        expires max;
    }

    # Pass all .php files onto a php-fpm/php-fcgi server.
    index index.php;
    location ~ [^/]\.php(/|$) {
        fastcgi_split_path_info ^(.+?\.php)(/.*)$;
        if (!-f $document_root$fastcgi_script_name) {
            return 404;
        }
        # This is a robust solution for path info security issue and works with "cgi.fix_pathinfo = 1" in /etc/php.ini (default)
        include /etc/nginx/fastcgi_params;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass php;
    }
}
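Save and close the file.
Again, after testing for syntax errors with the -t option, you need to reload the nginx server:
$ sudo nginx -t && sudo service nginx reload
Test it
Use the curl command as follows: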
$ curl -I theitroad.local
HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Jun 2016 18:02:16 GMT
Content-Type: text/html
Connection: keep-alive
Location: https://theitroad.local/
X-Whome: l-cbz01
X-Content-Type-Options: nosniff
Server: cloudflare-nginx
CF-RAY: 3707eb3d507d2ee1-DEL
Or
$ curl -I https://theitroad.local
Sample output:
HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Jun 2016 18:03:10 GMT
Content-Type: text/html
Connection: keep-alive
Location: https://www.theitroad.local/
X-Whome: l-cbz02
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options: nosniff
Server: cloudflare-nginx
CF-RAY: 3707ec8e7c612f23-DEL
See how the redirect chain works:
$ curl -ILa theitroad.local
Sample output:
HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Jun 2016 18:04:20 GMT
Content-Type: text/html
Connection: keep-alive
Location: https://theitroad.local/
X-Whome: l-cbz01
X-Content-Type-Options: nosniff

HTTP/1.1 301 Moved Permanently
Date: Sat, 17 Jun 2016 18:04:21 GMT
Content-Type: text/html
Connection: keep-alive
Location: https://www.theitroad.local/
X-Whome: l-cbz02
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options: nosniff

HTTP/1.1 200 OK
Date: Sat, 17 Jun 2016 18:04:21 GMT
Content-Type: text/html;charset=utf-8
Connection: keep-alive
Vary: Accept-Encoding
Cache-Control: public, max-age=1800
Expires: Sat, 17 Jun 2016 18:34:21 GMT
Last-Modified: Sat, 03 Jun 2016 08:24:57 GMT
Strict-Transport-Security: max-age=15552000
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-Xss-Protection: 1
X-Whome: l-cbz02
CF-Cache-Status: HIT
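
The redirect chain above can be audited mechanically instead of by eye. The script below is an added example, not part of the original tutorial: it reads `curl -sIL` headers on stdin and flags non-301 hops, cleartext redirect targets, a host change before the HTTPS upgrade, and HTTPS responses without HSTS. The names check_chain, sample_page and sample_http_only are hypothetical, the sample data is trimmed or constructed as labelled, and absolute Location values are assumed.

```shell
#!/bin/sh
# Added example. Live use:
#   curl -sIL http://theitroad.local | check_chain http://theitroad.local www.theitroad.local
# Prints one line per finding; returns 0 when the chain is clean.
check_chain() {
  tr -d '\r' | awk -v url="$1" -v want="$2" '
    function host(u) { sub(/^https?:\/\//, "", u); sub(/\/.*/, "", u); return u }
    function bad(msg) { print "hop " hop ": " msg; fail = 1 }
    function finish() {               # evaluate the response just read
      if (!inresp) return
      inresp = 0; hop++; tls = (url ~ /^https:/)
      if (tls && !hsts) bad("HTTPS response without Strict-Transport-Security")
      if (status ~ /^3/) {
        if (status != "301") bad("redirect is " status ", not 301")
        if (loc !~ /^https:/) bad("redirects to cleartext " loc)
        else if (!tls && host(loc) != host(url)) bad("changes host before upgrading to HTTPS")
        url = loc                     # the next response answers this URL
      } else if (status != "200") bad("final status " status)
      else if (!tls || host(url) != want) bad("chain ends at " url)
    }
    /^HTTP\// { finish(); inresp = 1; status = $2; loc = ""; hsts = 0; next }
    tolower($1) == "location:" { loc = $2 }
    tolower($1) == "strict-transport-security:" { hsts = 1 }
    END { finish(); exit fail + 0 }'
}

# Trimmed from the sample output of `curl -ILa theitroad.local` shown above.
sample_page() { cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: https://theitroad.local/

HTTP/1.1 301 Moved Permanently
Location: https://www.theitroad.local/
Strict-Transport-Security: max-age=15552000

HTTP/1.1 200 OK
Strict-Transport-Security: max-age=15552000
EOF
}
# Constructed: what the HTTP-only redirect config (non-www to http://www) returns.
sample_http_only() { cat <<'EOF'
HTTP/1.1 301 Moved Permanently
Location: http://www.theitroad.local/

HTTP/1.1 200 OK
EOF
}

sample_page | check_chain http://theitroad.local www.theitroad.local && echo "page chain: OK"
sample_http_only | check_chain http://theitroad.local www.theitroad.local || echo "http-only chain: FAIL"
```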