0

So my example.com configuration file successfully redirect the following URL to https://example.com/ ...

  • http://1.2.3.4
  • http://example.com
  • http://www.example.com
  • https://example.com
  • https://www.example.com

... but not https://1.2.3.4. My question is, how do I redirect https://1.2.3.4 to https://example.com?

I have not make any changes to default configuration file. Here is my example.com configuration file:

server {
  listen 80;
  listen [::]:80;
  server_name www.example.com example.com 1.2.3.4;
  return 301 https://example.com$request_uri;
}

server {
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  server_name www.example.com 1.2.3.4;
  return 301 https://example.com$request_uri;
}

server {
  listen [::]:443 ssl ipv6only=on;
  listen 443 ssl;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
  server_name example.com;

  include /etc/letsencrypt/options-ssl-nginx.conf;
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

  root /var/www/example.com/html;
  index index.html index.htm index.nginx-debian.html;
  location / {
    try_files $uri $uri/ =404;
  }
}

Thank you and have a nice day.

Hadi
  • 21
  • 1
  • 4
  • Looks fine except, your second `server` block is only listening on IPv4 while the other two are listening on both IPv4 and IPv6. Obviously the browser will generate a certificate warning as `1.2.3.4` is not a domain name. – Richard Smith Sep 06 '20 at 10:25
  • So on second server block, I should remove: `listen 443 ssl;` and add `listen [::]:443 ssl ipv6only=on; listen 443 ssl;` ? – Hadi Sep 06 '20 at 10:28
  • Unless you install an SSL certificate for your IP address, you cannot get a redirect. – Tero Kilkanen Sep 06 '20 at 11:38
  • @TeroKilkanen so um, can I do it? Do I need to add `-d 1.2.3.4` argument inside `sudo certbot --nginx -d example.com -d www.example.com` when initializing `certbot`? – Hadi Sep 06 '20 at 13:53
  • You cannot use Letsencrypt to get certificates for IP addresses. I don't know if any certificate provider issues certificates for IP addresses. – Tero Kilkanen Sep 06 '20 at 16:16
  • Some must do, as e.g. https://1.1.1.1/ has one. – Esa Jokinen Sep 06 '20 at 19:17
  • It's best practice to _not_ redirect visitors to your IP address, but instead to serve them an error page. Indeed, this is what the default configuration does, and why it should not be used as your own web site's configuration. – Michael Hampton Sep 07 '20 at 03:27
  • @MichaelHampton I am not sure I understood what you're saying. I wanted to redirect my IP address to my domain name, not to redirect visitor to my IP address. – Hadi Sep 07 '20 at 09:04
  • @EsaJokinen while I do wonder how 1.1.1.1 got SSL for that IP, I don't want to do so. I just wanted to redirect visitor from IP to domain. – Hadi Sep 07 '20 at 09:05
  • @TeroKilkanen understood. If so, is there any way for me to redirect visitor who enters `https://1.2.3.4` to `https://example.com`? – Hadi Sep 07 '20 at 09:06
  • Oops, sorry, that was not well worded. I mean that you should not redirect people who visit your IP address. – Michael Hampton Sep 07 '20 at 14:41
  • @MichaelHampton alright understood. So what's the best ethics in handling visitors entering my IP address into URL bar? What do I show them? – Hadi Sep 08 '20 at 02:03

0 Answers0