Nginx redirect from old domain to new with ssl

redirect nginx ssl-certificate

I am trying to change the domain name for my site from https://www.myolddomain.se/ to https://www.mynewdomain.se/

The problem is that for my old domain I forced SSL on all pages and therefore all links on google and other sites are linked with https. When I try to visit the old domain from an https link I get a certificate error. So my question is: how can I redirect all pages linked with https to another https secured domain, in nginx, without getting this error?

I did some research and found this solution for redirecting web pages, which is now inserted in my config file. Though I still get the certificate error! 

server {
        server_name .myolddomain.se;
        return 301 https://www.mynewdomain.se$request_uri;
}

But I just can't get it to work! If anyone could come up with an answer I would be very grateful


Solution 1:

The solution depends on client capabilities, your budget and architecture specificities.

1. If both domains are hosted on the same IP address and you can't have an other one :

If client supports TLS SNI extension :

server {
    listen X.X.X.X:443 ssl;
    ssl_certificate /path/to/myolddomain.cert;
    ssl_certificate_key /path/to/myolddomain.key;
    server_name .myolddomain.se;
    return 301 https://www.mynewdomain.se$request_uri;
}


server {
    listen X.X.X.X:443 ssl;
    ssl_certificate /path/to/mynewdomain.cert;
    ssl_certificate_key /path/to/mynewdomain.key;
    server_name .mynewdomain.se;

    [ ... ] # Your stuff

}

If it doesn't but understands x509 extension SubjectAltName and you can afford to generate a new certificate then ask for a unique certificate for both domains. The configuration should look like :

server {
    listen X.X.X.X:443 ssl default_server;
    ssl_certificate /path/to/domain.cert;
    ssl_certificate_key /path/to/domain.key;
    server_name _;
}

server {
    listen X.X.X.X:443;
    server_name .myolddomain.se;
    return 301 https://www.mynewdomain.se$request_uri;
}


server {
    listen X.X.X.X:443;
    server_name .mynewdomain.se;

    [ ... ] # Your stuff

}

2. If each domain is on a distinct IP address or if it's on the same but you can have another one

The most generic solution, listen on two different IPs (usually an additional public IP is "simply" an option to purchase at your hosting provider) :

server {
    listen X.X.X.X:443 ssl;
    ssl_certificate /path/to/myolddomain.cert;
    ssl_certificate_key /path/to/myolddomain.key;
    server_name .myolddomain.se;
    return 301 https://www.mynewdomain.se$request_uri;
}

server {
    listen Y.Y.Y.Y:443 ssl;
    ssl_certificate /path/to/mynewdomain.cert;
    ssl_certificate_key /path/to/mynewdomain.key;
    server_name .mynewdomain.se;

    [ ... ] # Your stuff

}

Related

Is SSH logging capabilities equivalent to su logging for private/public key authentication?
How can I test if my apache server is an open proxy?
AWS NAT vs AWS IGW vs AWS Router
Issues with patching servers remotely using winrm and Microsoft.Update.Session
curl: (35) SSL connect error
How to setup an Intranet site and a FREE alternative to Sharepoint
Find (and kill) old processes
Best practices for choosing fs block size on ext3/4?
Temporary failure in name resolution
Jenkins: Trying to add a dumb slave but the option is missing, any idea how to add it?
CentOS How Much SWAP for 16GB of RAM?
Install .iso file on a remote server without DVD drive access