0

I'm using NGINX and I have an SSL cert for example.com, and I don't have an SSL cert for www.example.com.

In brief: I tried to configure NGINX to redirect all the www requests to non-www (from **http**://www.example.com and **https**://www.example.com to https://example.com). Although I used a ton of different answers to more or less similar questions, I get either no result or the server stops answering :(

That was the problem in general, now I'll dive into details:

Now my NGINX config looks like:

```nginx
upstream puma_example_production {
  server unix:/var/www/example/shared/tmp/sockets/puma.sock fail_timeout=0;
}

#server {
#    listen 80;
#    listen 443 ssl;
#    server_name www.example.com;
#    return 301 https://example.com$request_uri;
#}


server {
  listen 80;
  listen 443 ssl;
  ssl on;
  ssl_certificate /var/certs/ssl.crt;
  ssl_certificate_key /var/certs/sslkey.key;

  server_name example.com;
  root /var/www/example/current/public;
  try_files $uri/index.html $uri @puma_example_production;

  client_max_body_size 4G;
  keepalive_timeout 10;

  error_page 500 502 504 /500.html;
  error_page 503 @503;

  # return   301 https://example.com$request_uri;

  location @puma_example_production {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "Upgrade";
    proxy_set_header X-Forwarded-Proto https;
    proxy_pass http://puma_example_production;
    # limit_req zone=one;
    access_log /var/www/example/shared/log/nginx.access.log;
    error_log /var/www/example/shared/log/nginx.error.log;
  }

  location ^~ /assets/ {
    gzip_static on;
    expires max;
    add_header Cache-Control public;
  }

  location = /50x.html {
    root html;
  }

  location = /404.html {
    root html;
  }

  location @503 {
    error_page 405 = /system/maintenance.html;
    if (-f $document_root/system/maintenance.html) {
      rewrite ^(.*)$ /system/maintenance.html break;
    }
    rewrite ^(.*)$ /503.html break;
  }

  if ($request_method !~ ^(GET|HEAD|PUT|PATCH|POST|DELETE|OPTIONS)$ ){
    return 405;
  }

  if (-f $document_root/system/maintenance.html) {
    return 503;
  }
}
```

I commented out the lines with the approaches which cause errors. Now the server works properly for non-www requests, but with www requests I get a browser warning that I have no SSL cert (NET::ERR_CERT_COMMON_NAME_INVALID) (and that's true).

I hope that there's a right way to redirect from www to non-www. Could you help me out, please?

1 Answer

1

Hello and welcome to Server Fault!

Try to separate your server directives:

```nginx
server {
    # No configuration for 443

    listen 80;
    server_name www.example.com;
    return 301 https://example.com$request_uri;
}
```

and

```nginx
server {
  # No configuration for 80

  listen 443 ssl;
  ssl on;
  ssl_certificate /var/certs/ssl.crt;
  ssl_certificate_key /var/certs/sslkey.key;

  [...]

}
```

Please keep in mind that a redirect done this way will work only for GET requests and not for POST.

Daniele Santi
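A full layout that extends the split above to the https://www.example.com case from the question, as an added example (not the answerer's or the asker's configuration). The certificate paths in block 2 are placeholders: that block assumes a certificate whose subjectAltName lists www.example.com, which the asker does not currently have.

```nginx
# Added example. Paths marked PLACEHOLDER are assumptions, not values from the page.
# "ssl on;" is left out: the ssl flag on listen already enables TLS for that socket only.
upstream puma_example_production {
    server unix:/var/www/example/shared/tmp/sockets/puma.sock fail_timeout=0;
}

# 1. Plain HTTP for both names: no TLS is involved, so the redirect always works.
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

# 2. HTTPS for www: the browser validates the certificate during the handshake,
#    before it reads any HTTP response. The 301 below is only ever seen if the
#    certificate served here is valid for www.example.com.
server {
    listen 443 ssl;
    server_name www.example.com;
    ssl_certificate     /var/certs/PLACEHOLDER-covers-www.crt;
    ssl_certificate_key /var/certs/PLACEHOLDER-covers-www.key;
    return 301 https://example.com$request_uri;
}

# 3. The canonical site, HTTPS only. The remaining directives from the
#    question's server block (error pages, assets, maintenance) go here unchanged.
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate     /var/certs/ssl.crt;
    ssl_certificate_key /var/certs/sslkey.key;

    root /var/www/example/current/public;
    try_files $uri/index.html $uri @puma_example_production;

    location @puma_example_production {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_pass http://puma_example_production;
    }
}
```

Without block 2, a request to https://www.example.com is answered by the example.com certificate and the browser stops at NET::ERR_CERT_COMMON_NAME_INVALID, so no nginx-level redirect can remove that warning on its own.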