0

I'm having issues with a site that has a Let's Encrypt cert for the naked domain example.com. There is a CNAME DNS entry that points www to the A record.

I want all www traffic to redirect to the non-www version and all non-:443 traffic to redirect to :443.

Here is a representation of my config: 

server {
    server_name  www.example.com;
    rewrite ^(.*) https://example.com$1 permanent;
}
server {
    listen 80 default_server;
    listen [::]:80 default_server;

    server_name _;

    location / {
       return 301 https://$host$request_uri;
    }
}

server {
    server_name example.com; # managed by Certbot

    location / {
        if ($request_method = 'GET') {
            add_header 'Access-Control-Allow-Origin' '*';
            add_header 'Access-Control-Allow-Credentials' 'true';
            add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
            add_header 'Access-Control-Allow-Headers' 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type';
        }

        proxy_pass http://127.0.0.1:8000;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_Addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }


    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    # relevant ssl cert info

}

This setup is currently causing a certificate name mismatch for some cases where the user attempts to visit the www version of the site.

Based on what I have read so far, it would seem I need to add another server block to handle the :443 www redirect, which might look something like this: 

server {
    listen 443 ssl;
    server_name www.example.com;
    rewrite ^(.*) https://example.com$1 permanent;
}

Is this correct?

Chase
  • 111
  • 5

0 Answers0