Nginx
ApolloHoTs, 2019-08-18 16:41:29

How to change "www.https" to "https" on NGINX for a subdomain?

Hello.
We have: Debian 10, nginx 1.16.1, wildcard SSL certificate (issued for *.site.bz and site.bz). There is no Apache.
There is a test2.site.bz subdomain, and I tried to set up an SSL connection for it.
From www.test2.site.bz and test2.site.bz it redirects correctly to httpS://test2.site.bz.
But it does not redirect from httpS://www.test2.site.bz to httpS://test2.site.bz; the browser complains about the certificate and stays at httpS://www.test2.site.bz. Tell me how to do it right, and is it possible?
nginx config for the test2.site.bz subdomain:

server {
    listen              80;
    server_name "~^(www\.)?(.*)$" ;
    return 301 https://test2.site.bz;
}
server {
    listen              443 ssl http2;
  charset utf-8;
  
  # Include common ssl params
    include snippets/ssl.conf;   

    # Include certificate params
    include snippets/certs/site.bz;

  # Project root directory
  root /var/www/test2.site.bz;
  # Index files
  index index.html index.htm index.php;
  
  location = /favicon.ico {
      log_not_found off;
      access_log off;
  }

  location = /robots.txt {
      allow all;
      log_not_found off;
      access_log off;
  }

  access_log /var/log/nginx/test2.site.bz_access.log;
  error_log /var/log/nginx/test2.site.bz_error.log;
  
  # Request handling
  # $uri - whether that specific file exists
  # $uri/ - whether that directory exists
  # /index.php?$args - if the request is not for an existing file or directory, pass it to the WordPress router (this is what permalinks need)
  location / {
      try_files $uri $uri/ /index.php?$args;
  }

  # Handle PHP
  location ~ \.php$ {
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      #NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
      fastcgi_pass unix:/var/run/php/php7.3-fpm.sock;
      fastcgi_index index.php;
      fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
      include fastcgi_params;
  }
  
  # Everything else

        # Deny access to .htaccess
        location ~ /\.ht {
                deny all;
        }

        # Ask clients to cache static files for X days, do not write to the logs
        location ~* ^.+\.(js|css|swf|xml|txt|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
                access_log off;
                log_not_found off;
                expires 30d;
        }
}

SSL config:
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:30m;
ssl_session_tickets on;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES256-SHA384;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

ssl_stapling on;
ssl_stapling_verify on;

add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;


2 answer(s)
ApolloHoTs, 2019-08-18
@ApolloHoTs

Answer:
A wildcard certificate does not work for 4th-level domains, for example: httpS://www.test2.site.ru
It works only up to the 3rd level, for example: httpS://test2.site.ru
Solution:
Get a separate certificate.
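
The rule behind this answer, as an added example that is not from the thread: a `*` in a certificate name stands for exactly one leftmost label, and the browser checks this during the TLS handshake, before nginx can send any redirect. The certificate names and hostnames are the ones in the question; `SEPARATE_CERT` is a hypothetical certificate of the kind the answer recommends.

```python
# Added example: leftmost-label wildcard matching for TLS server
# certificates (RFC 6125, section 6.4.3), applied to the names in the thread.

def name_matches(pattern: str, hostname: str) -> bool:
    """Return True if one certificate DNS name covers the hostname."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    # A wildcard stands for exactly one label, so label counts must be equal.
    if len(p_labels) != len(h_labels):
        return False
    first, rest = p_labels[0], p_labels[1:]
    # Labels to the right of the first must match literally;
    # "*" is honoured only as the complete leftmost label.
    if rest != h_labels[1:] or "*" in "".join(rest):
        return False
    if first == "*":
        return h_labels[0] != ""
    # Partial wildcards such as "w*" are treated as literals and never match.
    return first == h_labels[0]


def covered(cert_names, hostname):
    """True if any name in the certificate covers the hostname."""
    return any(name_matches(n, hostname) for n in cert_names)


def audit(cert_names, hostnames):
    """Map each hostname to whether the certificate covers it."""
    return {h: covered(cert_names, h) for h in hostnames}


# Certificate names as stated in the question.
WILDCARD_CERT = ["*.site.bz", "site.bz"]
# Hypothetical second certificate (assumption, not from the thread).
SEPARATE_CERT = ["www.test2.site.bz"]
# Hostnames the question tries to serve or redirect.
HOSTS = ["site.bz", "test2.site.bz", "www.test2.site.bz"]

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("separate", SEPARATE_CERT)):
        for host, ok in audit(cert, HOSTS).items():
            print(f"{host:20} {'covered' if ok else 'NOT covered'} by {label} cert")
```

A server block on port 443 that answers for www.test2.site.bz has to present a certificate that passes this check before its `return 301` is ever seen by the client.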

Andrey Gavrilov, 2019-08-18
@thexaver

Server{ is made only for port 80, and server is not made for port 443
