Nginx ssl force www to redirect to non www domain

Question

I am trying to set up Nginx to redirect all www.example.com and https://www.example.com requests to https://example.com. Here is my config:

server {
  listen 443 ssl http2;
  listen [::]:443 ssl http2;

  server_name example.com;
  root /var/www/domain.com/system/nginx-root;

  ssl_certificate /home/user/.acme.sh/example.com/fullchain.cer;
  ssl_certificate_key /home/user/.acme.sh/example.com/domain.com.key;
  include /var/www/example.com/system/files/ssl-params.conf;

  location / {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $http_host;
    proxy_pass http://127.0.0.1:2368;

  }

  location ~ /.well-known {
    allow all;
  }

  client_max_body_size 50m;
}

Here are the contents of the ssl-params.conf file:

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128$
ssl_ecdh_curve secp384r1; # Requires nginx >= 1.1.0
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
ssl_stapling on; # Requires nginx >= 1.3.7
ssl_stapling_verify on; # Requires nginx => 1.3.7
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /var/www/example.com/system/files/dhparam.pem;

I can access example.com and https://example.com but when I try www.example.com and https://www.example.com I get a Your connection is not private error in Chrome and the site is blocked.

Can anyone help me with this?

EDIT:

I added this server block and it did not help:

server {
    listen 80;
    listen 443 ssl;

    server_name www.example.com;

    ssl_certificate /home/user/.acme.sh/example.com/fullchain.cer;
    ssl_certificate_key /home/user/.acme.sh/example.com/example.com.key;
    include /var/www/example.com/system/files/ssl-params.conf;

    return 301 https://example.com$request_uri;
}

The `http` to `https` *redirection* is happening in the browser due to the HSTS header setting. You need to set up a separate `server` block, maybe something [like this](https://stackoverflow.com/questions/42228191/nginx-redirect-non-www-to-www-https/42230968#42230968). — Richard Smith, Jul 28 '17 at 19:04
I added a server block to 301 redirect and it did not fix the issue (see edit) — Dustin, Jul 28 '17 at 20:16
Is that certificate for the `www.example.com` domain or just the `example.com` domain? — Richard Smith, Jul 28 '17 at 20:39
It is for example.com - I need to redirect the www requests to example.com — Dustin, Jul 28 '17 at 21:11
To redirect `https` from `www.example.com` to `example.com` you will need an SSL certificate for each of the domains, or a certificate that is valid for both domains or a wildcard certificate for the top-level domain. — Richard Smith, Jul 28 '17 at 22:37

Nginx ssl force www to redirect to non www domain

0 Answers0