Nginx redirect from old domain to new with ssl
I am trying to change the domain name for my site from https://www.myolddomain.se/
to https://www.mynewdomain.se/
The problem is that for my old domain I forced SSL on all pages and therefore all links on google and other sites are linked with https. When I try to visit the old domain from an https link I get a certificate error. So my question is: how can I redirect all pages linked with https to another https secured domain, in nginx, without getting this error?
I did some research and found this solution for redirecting web pages, which is now inserted in my config file. Though I still get the certificate error!
server {
server_name .myolddomain.se;
return 301 https://www.mynewdomain.se$request_uri;
}
But I just can't get it to work! If anyone could come up with an answer I would be very grateful
Solution 1:
The solution depends on client capabilities, your budget and architecture specificities.
1. If both domains are hosted on the same IP address and you can't have an other one :
If client supports TLS SNI extension :
server {
listen X.X.X.X:443 ssl;
ssl_certificate /path/to/myolddomain.cert;
ssl_certificate_key /path/to/myolddomain.key;
server_name .myolddomain.se;
return 301 https://www.mynewdomain.se$request_uri;
}
server {
listen X.X.X.X:443 ssl;
ssl_certificate /path/to/mynewdomain.cert;
ssl_certificate_key /path/to/mynewdomain.key;
server_name .mynewdomain.se;
[ ... ] # Your stuff
}
If it doesn't but understands x509 extension SubjectAltName
and you can afford to generate a new certificate then ask for a unique certificate for both domains. The configuration should look like :
server {
listen X.X.X.X:443 ssl default_server;
ssl_certificate /path/to/domain.cert;
ssl_certificate_key /path/to/domain.key;
server_name _;
}
server {
listen X.X.X.X:443;
server_name .myolddomain.se;
return 301 https://www.mynewdomain.se$request_uri;
}
server {
listen X.X.X.X:443;
server_name .mynewdomain.se;
[ ... ] # Your stuff
}
2. If each domain is on a distinct IP address or if it's on the same but you can have another one
The most generic solution, listen on two different IPs (usually an additional public IP is "simply" an option to purchase at your hosting provider) :
server {
listen X.X.X.X:443 ssl;
ssl_certificate /path/to/myolddomain.cert;
ssl_certificate_key /path/to/myolddomain.key;
server_name .myolddomain.se;
return 301 https://www.mynewdomain.se$request_uri;
}
server {
listen Y.Y.Y.Y:443 ssl;
ssl_certificate /path/to/mynewdomain.cert;
ssl_certificate_key /path/to/mynewdomain.key;
server_name .mynewdomain.se;
[ ... ] # Your stuff
}