Answer the question
In order to leave comments, you need to log in
K
K
kurs0r2020-07-30 01:32:33
kurs0r, 2020-07-30 01:32:33
Where is the error in setting up a 301 redirect?
Good afternoon.
The essence of the problem in a nutshell:
- There is a main mirror of the site from www - https://www.pozdravunchik.ru ,
- which is correctly redirected from http www.pozdravunchik.ru and pozdravunchik.ru ,
- but the redirect from https does not work without www https://pozdravunchik.ru .
Please take a look and tell me where the mistake was made in setting up redirects?
Settings in htaccess :
RewriteBase /
RewriteCond %{HTTP_HOST} ^(.+).pozdravunchik.ru$ [NC]
RewriteCond %{HTTP_HOST} !^www.pozdravunchik.ru$ [NC]
RewriteRule ^(.*)$ http://www.pozdravunchik.ru/$1 [NE,R=301,L]
RewriteCond %{SERVER_PORT} 80
RewriteCond %{SERVER_NAME} !^www.pozdravunchik.ru$ [NC]
RewriteRule ^(.*)$ http://www.pozdravunchik.ru/$1 [R=301,L]
RewriteCond %{SERVER_PORT} 443
RewriteCond %{SERVER_NAME} !^www.pozdravunchik.ru$ [NC]
RewriteRule ^(.*)$ https://www.pozdravunchik.ru/$1 [R=301,L]The redirect settings inside the config file in /etc/nginx/ are as follows :
server {
listen 80;
server_name pozdravunchik.ru;
return 301 https://www.$server_name$request_uri;
}
server {
listen 80;
server_name www.pozdravunchik.ru ;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
#ssl on;
ssl_certificate /etc/letsencrypt/live/www.pozdravunchik.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.pozdravunchik.ru/privkey.pem; # managed by Certbot
server_name pozdravunchik.ru;
return 301 https://www.$server_name$request_uri;
}
server {
listen 443 ssl;
#ssl on;
ssl_certificate /etc/letsencrypt/live/www.pozdravunchik.ru/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.pozdravunchik.ru/privkey.pem; # managed by Certbot
server_name www.pozdravunchik.ru ; 1 answer(s)
@shambler81
DO NOT forget that the redirect will not physically work without a certificate, since Apache and nginx have a crutch that departs from RFC TCP / IP
. In particular, it allows you to hang several sites on the same port and ip.
As a result, the demon will deal directly with the parsing of which site to give to whom, and it takes this information from the referee, looks at which host was requested and, based on it, substitutes the config.
BUT
HTTPS naturally will not give a single byte of information before receiving these keys. Accordingly, things will not reach mod_rewrite at all)
So the keys for all domains must be up-to-date.
Even if it's Letsencrypt
V
Viktor Taran, 2020-08-03 @shambler81
The certificate was issued only on www.pozdravunchik.ru, but is also needed on pozdravunchik.ru.
Written 30 Jul.
DO NOT forget that the redirect will not physically work without a certificate, since Apache and nginx have a crutch that departs from RFC TCP / IP
. In particular, it allows you to hang several sites on the same port and ip.
As a result, the demon will deal directly with the parsing of which site to give to whom, and it takes this information from the referee, looks at which host was requested and, based on it, substitutes the config.
BUT
HTTPS naturally will not give a single byte of information before receiving these keys. Accordingly, things will not reach mod_rewrite at all)
So the keys for all domains must be up-to-date.
Even if it's Letsencrypt
Similar questions
B
A
R
G
N
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question