Setting up redirects www → non-www and HTTP → HTTPS at the same time, I ran into a duplication issue that I fail to overcome.

On my domain—let it be example.com—I have a website with primary name another.example.com. I want the requests to example.com, www.example.com, and www.another.example.com to be redirected to another.example.com, and all HTTP requests to be redirected to HTTPS at the same time; I also want to support HTTP/2 and IPv6.

I have no issue with getting this to work, but I fail to get rid of duplicating a substantial part of the configuration file (namely the HTTPS certificate settings). All attempts to reduce duplication cause one or more or all redirects to stop working (sometimes along with HTTP/2).

Please take a look at the config and suggest how to clean it up:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name www.another.example.com www.example.com another.example.com example.com;
    return 301 https://another.example.com$request_uri;
}

server {
    listen 443;
    listen [::]:443;
    server_name www.another.example.com www.example.com example.com;
    return 301 https://another.example.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    server_name another.example.com;
    root /usr/share/nginx/another.example.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
```
78767
  • See [this example](https://stackoverflow.com/questions/43081780/dns-records-redirect-www-to-non-www/43089681#43089681) on SO. – Richard Smith Nov 25 '21 at 07:45
  • Alternatively, move common settings into a dedicated config and rely on `include`. – gxx Nov 25 '21 at 11:14
  • @RichardSmith after moving four duplicate strings to the outer block (and deleting them in both inner blocks), I get configuration errors: `nginx: [warn] duplicate value "TLSv1.2" in /etc/letsencrypt/options-ssl-nginx.conf:11 nginx: [warn] duplicate value "TLSv1.3" in /etc/letsencrypt/options-ssl-nginx.conf:11 nginx: [emerg] "ssl_prefer_server_ciphers" directive is duplicate in /etc/letsencrypt/options-ssl-nginx.conf:12 nginx: configuration file /etc/nginx/nginx.conf test failed` – 78767 Nov 25 '21 at 12:54
  • It looks like you have duplicate statements somewhere. Use `nginx -T` (uppercase `T`) to view the entire configuration across all included files. – Richard Smith Nov 25 '21 at 14:12
  • @RichardSmith yes, you’re right. But after I tracked down the duplication, another problem arose: there’re actually multiple top-level domains in my nginx config. If I move SSL configuration from a server block to the top level, then only one domain (e.g., `example.com`) will be working. – 78767 Nov 25 '21 at 15:17
  • In which case your original setup is probably the best you can achieve. If you have a large number of duplicated statements you could place them into an included file. – Richard Smith Nov 25 '21 at 15:58

1 Answer

```nginx
# Canonical site, served over HTTPS with HTTP/2
server {
    server_name another.example.com;
    root /usr/share/nginx/another.example.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

# HTTPS requests for the non-canonical names: redirect to the canonical host
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.another.example.com www.example.com example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    rewrite ^/(.*)$ https://another.example.com/$1 permanent;
}

# Plain HTTP for every name: redirect to HTTPS on the canonical host
server {
    listen 80;
    listen [::]:80;
    server_name www.another.example.com www.example.com another.example.com example.com;
    # Applies to every listed name, www.* included, so none is answered over plain HTTP
    rewrite ^/(.*)$ https://another.example.com/$1 permanent;
}
```
sri kumar
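
The approach suggested in the comments (shared TLS settings in one included file), written out as an added example that is not part of the original thread. The snippet path `/etc/nginx/snippets/tls-example.com.conf` is an assumption; everything else reuses the names and paths from the question.

```nginx
# ---- File 1 (assumed path): /etc/nginx/snippets/tls-example.com.conf ----
# The four TLS lines that were repeated in every HTTPS server block.
# The certificate must list every name used in the server_name lines below,
# because the TLS handshake completes before nginx can send the redirect.
ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include             /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

# ---- File 2: the site's existing server configuration ----

# Plain HTTP, all four names: one hop to the canonical HTTPS host.
server {
    listen 80;
    listen [::]:80;
    server_name www.another.example.com www.example.com another.example.com example.com;
    return 301 https://another.example.com$request_uri;
}

# HTTPS, non-canonical names: redirect only.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.another.example.com www.example.com example.com;
    include /etc/nginx/snippets/tls-example.com.conf;
    return 301 https://another.example.com$request_uri;
}

# HTTPS, canonical name: serves the site.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name another.example.com;
    include /etc/nginx/snippets/tls-example.com.conf;

    root /usr/share/nginx/another.example.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

Because the snippet is included per server block rather than at the top level, other domains in the same nginx instance keep their own certificates. Run `nginx -t` before reloading; a "directive is duplicate" error means `options-ssl-nginx.conf` is still being pulled in somewhere else in the same context.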