landed
By:
landed

Cannot configure HTTPS for www subdomain using nginx server blocks

September 27, 2017 326 views
Nginx Ubuntu 16.04

I want to stop this from happening
https://www.site.com/articles/abc
This should be redirected (to remove www) as in my server block configuration. I don't understand why however. I have looked a lot at similar solutions on server fault and wonder if there is something more specific for DO.

here is the config thank you for help.

server {
listen 80;
listen [::]:80;
servername site.com www.site.com;
return 301 https://$server
name$request_uri;
}

server {
listen 443 ssl;
listen [::]:443 ssl http2;
include snippets/ssl-site.com.conf;
include snippets/ssl-params.conf;

    root /var/www/site.com/html;

    index index.html index.htm index.nginx-debian.html index.php;

    server_name site.com www.site.com;
    #rewrite ^ https://site.com$request_uri? permanent;
    #return 301 https://$server_name$request_uri;

    add_header X-Frame-Options "SAMEORIGIN";

    rewrite ^(.*)/(\d+)-([^/]+)(.*)$ $1/$3 permanent;
    rewrite ^.*\.(pptx)$ https://caribbean-diving.com permanent;

    location ~* \.(?:css|js|gif|jpeg|jpg|png)$ {
            expires max;
            add_header Cache-Control public;
    }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
            root /usr/share/nginx/html;
    }

    location ~ \.php$ {
            include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.0-fpm.sock;
    }

    location / {
            try_files $uri $uri/ /index.php?$args;
    }

    location ~ /.well-known {
            allow all;
    }

}

2 comments
  • Ok looks like I was only doing a cert for the non www not www...and perhaps the order of things happening meant that even if the www variant was not redirecting because the www was not properly certified..so I re ran that

    You have an existing certificate that contains a portion of the domains you
    requested (ref: /etc/letsencrypt/renewal/example.com.conf)
    
    It contains these names: example.com
    
    You requested these names for the new certificate: example.com,
    www.example.com
    
    Do you want to expand and replace this existing certificate with the new
    certificate?
    -------------------------------------------------------------------------------
    (E)xpand/(C)ancel: E
    Renewing an existing certificate
    Performing the following challenges:
    tls-sni-01 challenge for example.com
    tls-sni-01 challenge for www.example.com
    Waiting for verification...
    Cleaning up challenges
    Deployed Certificate to VirtualHost /etc/nginx/sites-enabled/example.com for set(['www.example.com', 'example.com'])
    Deployed Certificate to VirtualHost /etc/nginx/sites-enabled/example.com for set(['www.example.com', 'example.com'])
    nginx: [emerg] "ssl_certificate" directive is duplicate in /etc/nginx/sites-enabled/example.com:54
    Rolling back to previous server configuration...
    nginx restart failed:
    
    
    
    IMPORTANT NOTES:
     - We were unable to install your certificate, however, we
       successfully restored your server to its prior configuration.
     - Congratulations! Your certificate and chain have been saved at:
       /etc/letsencrypt/live/example.com/fullchain.pem
       Your key file has been saved at:
       /etc/letsencrypt/live/example.com/privkey.pem
       Your cert will expire on 2017-12-26. To obtain a new or tweaked
       version of this certificate in the future, simply run certbot again
       with the "certonly" option. To non-interactively renew *all* of
       your certificates, run "certbot renew"
    
  • So now I can see I get a padlock for the www version as well. However the redirection still has issues- ie doesn't actually redirect. So there is an seo problem rather than a nasty SSL problem but I want to solve the reason why the www is not redirected properly.
    I have another domain that is working sweet and the config looks identical so it is confusing.

    Edit that other domain was using .htaccess to redirect!

    So have now fixed them both with a separate server block to catch https://www variants..

Be the first one to answer this question.