nginx www shall redirect permanently with 301 under https

Question

I try to redirect www.example.com to https://example.com by adding the first serverblock. But it doesn't redirect. And it has to be redirected permanently to avoid SEO issues and security warnings for the user.

Here is my complete NGINX config file:

<code>
    server {

    listen 80;
    listen 443;
    server_name www.example.com;   
    return 301 $scheme://example.com$request_uri;
    }

    server {       
    listen 80 default_server;

    listen [::]:80 default_server ipv6only=on;       
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;

    root /var/www/html;

    index index.php index.html index.htm;
    server_name example.com;

    #Password protects the test subdomain
    ##  auth_basic "Restricted Content";
    ##  auth_basic_user_file /etc/nginx/.htpasswd;


    # Make site accessible from https://example.com/

    server_name example.com;
    include snippets/ssl-example.com.conf;        
    include snippets/ssl-params.conf;        
    location ~ /.well-known {              
    allow all;
        }       
    location / {    
    try_files $uri $uri/ /index.php$is_args$query_string;
    #try_files $uri $uri/ /index.php?q=$request_uri;                
    # First attempt to serve request as file, then               
    # as directory, then fall back to displaying a 404.             
    # try_files $uri $uri/ =404;              
    # Uncomment to enable naxsi on this location            
    # include /etc/nginx/naxsi.rules
    }  
    error_page 500 502 503 504 /50x.html;  
    location = /50x.html {

    root /usr/share/nginx/html;     
    }
    location ~ [^/]\.php(/|$) {
    fastcgi_split_path_info ^(.+?\.php)(/.*)$;
    if (!-f $document_root$fastcgi_script_name) {   
    return 404;
    }
    # Mitigate https://httpoxy.org/ vulnerabilities
    fastcgi_param HTTP_PROXY "";
    include snippets/fastcgi-php.conf;
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    include fastcgi_params;
    }      
    location ~ \.php$ {
    #match actual filename with extension or file not found
    #try_files $uri $uri =404;
    include snippets/fastcgi-php.conf;   
    fastcgi_pass unix:/run/php/php7.0-fpm.sock;       
    }

    # deny access to .htaccess files, if Apache's document root   
    # concurs with nginx's one  
    #
    #location ~ /\.ht 
    {     
    #       deny all;
    #
    }

    }
</code>

score 0 · Answer 1 · answered Jan 18 '17 at 09:24

0

As a minimum, your server block is missing the ssl keyword to enable https on the 443 port and the certificate definitions.

server {
    listen 80;
    listen 443 ssl;
    ssl_certificate     ...;
    ssl_certificate_key ...;

    server_name www.example.com;   
    return 301 $scheme://example.com$request_uri;
}

If you only have one certificate file for both example.com and www.example.com, the ssl_xxx directives may appear in the surrounding block to be inherited by both server blocks. See this document for more.

answered Jan 18 '17 at 09:24

Richard Smith

45,711
6
82
81

Let's encrypt doesn't seem to support wildcard certs like *.example.com so I guess I have to add a cert also for www.example.com although I am just redirecting it. – Gabriel Jan 21 '17 at 00:24
So?: server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name www.example.com; include snippets/ssl-www.example.com.conf; include snippets/ssl-params.conf; return 301 $scheme://example.com$request_uri; } server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name example.com; – Gabriel Jan 21 '17 at 00:36

score 0 · Answer 2 · answered Jan 22 '17 at 01:44

I finally solved it. By adding both www.example.com and example.com to the Let's Encrypt certificate it suddenly worked.

I did sudo letsencrypt certonly -a webroot --webroot-path=/var/www/html -d www.example.com,example.com

So after restarting nginx, the www redirect suddenly worked! I also put the redirect at the bottom and changed the nginx file as below:

server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;

include snippets/ssl-www.example.com.conf;
include snippets/ssl-params.conf;

root /var/www/html;
index index.php index.html index.htm;

server_name example.com;

#Password protects the test subdomain
##  auth_basic "Restricted Content";
##  auth_basic_user_file /etc/nginx/.htpasswd;

location ~ /.well-known {
allow all;
}
location / {
try_files $uri $uri/ /index.php$is_args$query_string;
# include /etc/nginx/naxsi.rules
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
include fastcgi_params;
}
location ~ \.php$ {
#match actual filename with extension or file not found
#try_files $uri $uri =404;
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
}
server {
listen [::]:80 default_server ipv6only=on;
listen 80 default_server;
server_name www.example.com;
return 301 https://example.com$request_uri;
}

nginx www shall redirect permanently with 301 under https

2 Answers2