Nginx https www redirect to non-www using let's encrypt certbot


#1

Hi this must be a basic question but I haven’t been able to figure it out. How do I get https www to redirect to non-www instead of timing out?

The https www version of my site times out instead of redirecting to non-www, whereas all other versions (http and https non-www) work fine.

Preferably I would like to future proof so that I can renew the certs through certbot and not need to manually change the nginx config afterwards.

The nginx server config is shown below:

server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name www.mydomain.com mydomain.com;

listen 443 ssl; # managed by Certbot
ssl_certificate <path_to_cert> # managed by Certbot
ssl_certificate_key <path_to_key>; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam <path_to_this>

if ($scheme != "https") {
    return 301 https://$host$request_uri;
} # managed by Certbot

}


#2

I don’t quite understand why you are using IPV6 only. (Which could make your site timeout if you don’t have IPV6)
Here’s my config

server {
        #Listen,IPV4
        listen       80;
        #Listen,IPV6
        listen       [::]:80;

        #Your Domain
        server_name  stevenz.science www.stevenz.science;


        # tell users to go to SSL version this time
        #Redirect to HTTPS
        if ($ssl_protocol = "") {
        rewrite     ^   https://$server_name$request_uri? permanent;
        }

}
server {
        #Listen 443,IPV4
        listen 443 ssl http2;
        #Listen 443, IPV6
        listen [::]:443 ssl http2;

}

#3

Hi Steven,

I can (and probably will) take away ipv6, but I don’t think that’s the issue. Do you use certbot to manage your SSL certs? If so where do they get automatically inserted by the certbot, that is, into which of your server blocks, or both?


#4

It’s odd for one of them to time out, and the other to work, if they point to the same IP address(es).

What’s the actual domain?

Can you provide the Nginx configuration, with “nginx -T”?


#5

I didn’t use certbot’s policy now, but when i use it, it inserted to the 443 port.

Also, why do you put 443 and 80 in one server block??


#6

Certbot does it, I believe. It’s not ideal but I guess it’s more practical to configure that way. I think there’s an issue open about it.


#7

I really suggest divide 443 and 80 to different block since it seems you are using all https now.


#8

Connectioon timeout might caused by the IPV6only connfig…


#9

Turns out the issue was my dns nameserver namecheap had a redirect of www to non-www which was messing things up. I deleted that and got back to ‘normal’ nginx issues which I fixed using server blocks. Thanks both.


#10

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.