Nginx - TLC/SSLでWWWを強制的に

Question

私は強制的に私のウェブサイトにSSLを送ってwww以外をwwwにリダイレクトしたい。私は多くのガイドを読んで、サンプル構成を試しましたが、完全には機能しませんでした。それは私にあまりにも多くを与え、私の設定では これは私にいくつかのアドバイスを与えてください、私の設定

server { 
      listen 80 default_server; 
      listen [::]:80 default_server; 

      # SSL configuration 
      # 
      server_name mydomainname.com www.mydomainname.com; 
      return 301 https://www.mydomainname.com$request_uri; 
    } 

    server { 
      listen 443 ssl http2; 
      listen [::]:443 ssl default_server; 
      include snippets/ssl-mydomainname.com.conf; 
      include snippets/ssl-params.conf; 
      server_name mydomainname.com; 
      return 301 https://www.mydomainname.com$request_uri; 
      # 
      # Note: You should disable gzip for SSL traffic. 
      # See: https://bugs.debian.org/773332 
      # 
      # Read up on ssl_ciphers to ensure a secure configuration. 
      # See: https://bugs.debian.org/765782 
      # 
      # Self signed certs generated by the ssl-cert package 
      # Don't use them in a production server! 
      # 
      # include snippets/snakeoil.conf; 

      root /var/www/blog; 

      # Add index.php to the list if you are using PHP 
      index index.html index.htm index.nginx-debian.html; 

      server_name _; 
    location ~ /.well-known { 
        allow all; 
      } 
      location/{ 
        # First attempt to serve request as file, then 
        # as directory, then fall back to displaying a 404. 
        try_files $uri $uri/ =404; 
      } 
    location ~* \.(?:ico|css|js|gif|jpe?g|png)$ { 
     expires 30d; 
     add_header Pragma public; 
     add_header Cache-Control "public"; 
    } 
      # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 
      # 
      #location ~ \.php$ { 
      #  include snippets/fastcgi-php.conf; 
      # 
      #  # With php7.0-cgi alone: 
      #  fastcgi_pass 127.0.0.1:9000; 
      #  # With php7.0-fpm: 
      #  fastcgi_pass unix:/run/php/php7.0-fpm.sock; 
      #} 

      # deny access to .htaccess files, if Apache's document root 
      # concurs with nginx's one 
      # 
      #location ~ /\.ht { 
      #  deny all; 
      #} 
    } 

    # Virtual Host configuration for example.com 
    # 
    # You can move that to a different file under sites-available/ and symlink that 
    # to sites-enabled/ to enable it. 
    # 
    #server { 
    #  listen 80; 
    #  listen [::]:80; 
    # 
    #  server_name example.com; 
    # 
    #  root /var/www/example.com; 
    #  index index.html; 
    # 
    #  location/{ 
    #    try_files $uri $uri/ =404; 
    #  } 
    #} 

でエラー

をリダイレクトします。

Answer 1

443サーバーブロックを2つに分割する必要があります。例：

server { 
    listen 443 ssl default_server; 
    listen [::]:443 ssl default_server; 
    include snippets/ssl-mydomainname.com.conf; 
    include snippets/ssl-params.conf; 
    return 301 https://www.mydomainname.com$request_uri; 
} 
server { 
    listen 443 ssl http2; 
    listen [::]:443 ssl http2; 
    include snippets/ssl-mydomainname.com.conf; 
    include snippets/ssl-params.conf; 
    server_name www.mydomainname.com; 
    ... 
} 

したがって、デフォルトのセキュアサーバーは、セキュアなwwwサーバーにリダイレクトされます。詳細については、this documentを参照してください。これは、証明書がwwwとnon-wwwの両方のサーバー名に対して有効であることも前提としています。