最近同事给提了一个建议,说是公司一个项目的域名www.yuming.com , 要访问yuming.com或者www.yuming.com 都要跳转到https://www.yuming.com
最开始配置文件是这样配置的
server {
listen 443;
server_name www.yuming.com yuming.com;
ssl on;
ssl_certificate cert/2608548__yuming.com.pem;
ssl_certificate_key cert/2608548__yuming.com.key;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
charset utf-8;
}
server {
listen 80;
server_name www.yuming.com yuming.com;
rewrite ^(.*)$ https://www.yuming.com$1 permanent;
}
结果www.yuming.com 可以跳转HTTPS ,yuming.com直接访问也可以跳转HTTPS,但是要如果http://yuming.com或者https://yuming.com这样访问的话就访问失败。
最后排查的原因是公司购买的域名证书是 *.yuming.com的证书,也就是说这个证书只能二级域名可以使用。yuming.com是个一级域名所以不能使用,后面重新申请了一个单域名yuming.com 的证书(单域名证书是免费的),重新配置以后成功了,配置如下:
server {
listen 443;
server_name www.yuming.com;
ssl on;
ssl_certificate cert/2608548__yuming.com.pem;
ssl_certificate_key cert/2608548__yuming.com.key;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
charset utf-8;
}
server {
listen 443;
server_name yuming.com;
ssl on;
ssl_certificate cert/4137798_yuming.com.pem;
ssl_certificate_key cert/4137798_yuming.com.key;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
rewrite ^(.*)$ https://www.yuming.com$1 permanent;
}
server {
listen 80;
server_name www.yuming.com yuming.com;
rewrite ^(.*)$ https://www.yuming.com$1 permanent;
}
