nginx: redirect to non-www including all subdomains

Question

This question has been asked in various ways a million times. Still I can not find an answer that is generic enough to cover all cases.

All I want is to remove www from any incoming URL and I want that applied to all my subdomains. Here is my nginx config that is otherwise working fine:

# redirect HTTP to HTTPS, no www
server {
    listen      80;
    listen [::]:80;

    server_name ~^(?<www>www\.)(?<subdomain>.+)\.example\.com$;

    # redirect
    return 301 https://${subdomain}.example.com$request_uri;
}

#redirect HTTPS www to non-www
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name ~^(?<www>www\.)(?<subdomain>.+)\.example\.com$;

    # ssl config...

    # redirect
    return 301 https://${subdomain}.example.com$request_uri;
}

#default server
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name example.com *.example.com;

    # other calls below this point include
    # root dir
    # ssl config
    # security headers
    # various location blocks, specific to my project
    # error page
    # error/access logs...
}

All these mappings are handled fine by the config above:

• http://example.com -> https://example.com
• http://client1.example.com -> https://client1.example.com
• http://dev.client1.example.com -> https://dev.client1.example.com
• http://stage.client1.example.com -> https://stage.client1.example.com

But these are NOT:

• http://www.example.com -> https://example.com
• http://www.client1.example.com -> https://client1.example.com
• http://www.dev.client1.example.com -> https://dev.client1.example.com

Can you help me understand what I need to change in my config or how to debug this?

Answer 1

For the http block:

Due to HSTS, only serves clients visiting for the first time. So you could use a simple redirect and perform www. removal in the https blocks.

For example:

server {
    listen      80;
    listen [::]:80;
    return 301 https://$host$request_uri;
}

If you want to remove the www. prefix at this stage, you need a regular expression that will always match.

For example:

server {
    listen      80;
    listen [::]:80;
    server_name   ~^(www\.)?(?<domain>.+)$;
    return 301 https://$domain$request_uri;
}

See this document for details.

---

For the https blocks:

You need a regular expression to capture that part of the domain name after the www.. You have two options:

Use two server blocks (as you have now) but don't put a wildcard server_name statement in the second block. You could use another regular expression (e.g. server_name ~example\.com$;) or just no server_name at all and make it the default.

For example:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name   ~^www\.(?<domain>.+)$;
    # ssl config...
    return 301 https://$domain$request_uri;
}
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    # no server_name statement needed
    ...
}

Or use a single server block and test the $http_host variable using an if statement.

For example:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name  .example.com;

    if ($http_host ~ ~^www\.(.+)$) { return 301 https://$1$request_uri; }
    ...
}

See this caution on the use of if.