Nginx block for multiple domains to redirect all traffic to https?
I have a web server running nginx 1.6 with one IP address and hosting www.domainname.com as well as dev.domainname.com.
I'm trying to find a smart way to route all http traffic to https and I want to make sure that my default server is the 'www' live version of the time. So the end goal is that unless the user specifies https://dev.domainname.com they will be redirected to https://www.domainname.com.
My nginx.conf setup is configured to include for '/etc/nginx/etc/sites-enabled/*'. So my configuration example is located at 'etc/nginx/sites-enabled/www.domainname.com'.
Also, to clarify. My current configuration has issues loading the dev site when you are visiting the domain without the www.
Edit: I just tried this method locally and http and https are not allowed in the '/etc/nginx/sites-enabled/'. Is there a better solution or should I move this configuration into the nginx.conf?*
So my question is there a better way to handle this type of setup?
http {
# all traffic should be over https
listen 80 default;
# listen for all server names
server_name *.domainname.com;
# redirect to www with https
return 301 $scheme://www.domainname.com$request_uri;
}
https {
# configuration for all https sites
listen 443 default ssl;
ssl on;
index index.html index.htm index.php;
charset utf-8;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
access_log off;
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi_params;
}
location ~ /\.ht {
deny all;
}
# configuration for the non-www redirect
server {
# non-www server name
server_name domainname.com;
# return to www
return 301 $scheme://www.domainname.com$request_uri;
}
# configuration for the live website
server {
# www server name
server_name www.domainname.com;
# root to public directory
root /path/to/www.domainname.com/public;
# ssl certificates
ssl_certificate /etc/nginx/ssl/www.domainname.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.domainname.com/server.key;
# error logs for www site
error_log /var/log/nginx/www.domainname.com-error.log error;
}
# configuration for the dev site
server {
# dev server name
server_name dev.domainname.com;
# root to public directory
root /path/to/dev.domainname.com/public;
# ssl certificates - using multi domain ssl
ssl_certificate /etc/nginx/ssl/www.domainname.com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/www.domainname.com/server.key;
# error logs for dev site
error_log /var/log/nginx/dev.domainname.com-error.log error;
}
}
If your distribution is Debian-based, you have sites-available/default file installed. That is the file that configures default pages for nginx.
You need to disable this virtual host by running its symlink with rm sites-enabled/default.
Then, you need to make a new default with the following content:
server {
listen 80 default_server;
listen 443 default_server ssl;
server_name _;
ssl_certificate /path/to/your/certificate;
ssl_certificate_key /path/to/your/key;
redirect 301 https://www.domainname.com$request_uri;
}
This block makes sure that all requests to other domains not listed everywhere get redirected to https://www.domainname.com.
Then, make another file, for example dev.domainname.com:
server {
listen 443 ssl;
server_name dev.domainname.com;
ssl_certificate /path/to/your/certificate;
ssl_certificate_key /path/to/your/key;
# Other config for dev.domainname.com
}
This block handles the requests for dev.domainname.com.
And finally, www.domainname.com:
server {
listen 443 ssl;
server_name www.domainname.com;
ssl_certificate /path/to/your/certificate;
ssl_certificate_key /path/to/your/key;
# Other config for www.domainname.com
}
And this block handles requests for www.domainname.com.
All you need is this:
server {
listen 80;
server_name *.domainname.com;
return 301 https://$host$request_uri;
}