Non-www https to www https


#1

Hello,
I’m using Nginx.

I registered my domains ‘domain.com’ ‘www.domain.com’ using certbot :

/opt/certbot-auto certonly --webroot -w /var/www/ -d www.domain.com -d domain.com

I configured Nginx like that :

server {                                                                                                                                      
                                                                                                                                          
    listen 80;                                                                                                                                
    server_name domain.com www.domain.com;                                                                                                
                                                                                                                                          
    location ^~ /.well-known/ {                                                                                                               
        root /var/www;                                                                                                                        
    }                                                                                                                                           
                                                                                                                                          
    location / {                                                                                                                              
        return 301 https://www.domain.com$request_uri;                                                                                      
    }                                                                                                                                            
                                                                                                                                                                                                                                                                                     
}                                                                                                                                                                                                                                                                                    
                                                                                                                                          
server {                                                                                                                                      
                                                                                                                                          
        listen 443 ssl;                                                                                                                           
        server_name www.domain.com;                                                                                                             
                                                                                                                                          
        root /var/www/domain;                                                                                                                  
        index index.html;                                                                                                                         
                                                                                                                                          
        location ^~ /.well-known/ {                                                                                                               
        root /var/www;                                                                                                                        
    }                                                                                                                                         
                                                                                                                                          
    location ~ /\. {                                                                                                                          
        return 404;                                                                                                                           
    }                                                                                                                                           
                                                                                                                                          
    ssl on;                                                                                                                                   
    ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;                                                                     
    ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;                                                                   
    ssl_prefer_server_ciphers on;                                                                                                             
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;                                                                                                      
    ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
                                                                                                                                        
} 

My problem is : when I access https://domain.com, it does not redirect me to https://www.domain.com.
How can I solve my problem ?


#2

You have two server blocks:

  • The first handles all HTTP connections (listen 80) and redirects to https://www.
  • The second handles all HTTPS connections, but does not contain any redirects.

It follows that no HTTPS connections would result in a redirect based on this configuration.

You have a number of options for handling this:

  1. add an additional SSL server block for the non-www domain and add the same redirect you’re using in the HTTP server block.
  2. add a conditional redirect to the SSL server block using something like if ($host !~* ^www\.) { return 301 ... }.

Note that ifs are generally frowned upon in nginx configurations and should typically be avoided. Option 1 would probably be cleaner and perform better.


#3

Try adding this server block to rewrite https://domain.com to https://www.domain.com:

server {
        listen 443 ssl;
        server_name domain.com;
        location ^~ /.well-known/ {                                                                                                               
            root /var/www;                                                                                                                        
        }
        
        location / {
            return 301 https://www.domain.com$request_uri;
        }
        ssl on;                                                                                                                                   
        ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;                                                                     
        ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;                                                                   
        ssl_prefer_server_ciphers on;                                                                                                             
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;                                                                                                      
        ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
    }

Also, if you are using a compatible version of nginx (1.9.5 or later with the HTTP/2 module) for each listen 443 line make it listen 443 ssl http2; for better performance with HTTP/2.
If you have IPv6 also add after each listen line listen [::]:80; for the non-HTTPS side and listen [::]:443 ssl http2; for the HTTPS side.


#4

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.