Simple SSL Question

Sat Jun 8 18:29:15 UTC 2013

Hello,

On Sat, Jun 8, 2013 at 2:18 PM, Travis Maxwell <the.energetic at gmail.com>wrote:

> Hi,
>
> I'm using nginx with SSL, and I want to always redirect to www, regardless
> of whether the request is http or https. I just want to redirect to the
> respective protocol but with www.
>
> I have the port 80 server block working fine. Beneath my first server
> block I have...
>
> server {
>     listen      80;
>     server_name example.com;
>     return 301  http://www.example.com$request_uri;
> }
>
> and this works fine. But for my port 443 server block for https, I have
> all kinds of information inside regarding ssl on and different ciphers to
> use.
>
> I really don't want to mess up anything up related to security by doing
> something stupid.. so my question is on this second block for port 443
> underneath the first one...
>
> server {
>     listen      443;
>     server_name example.com;
>     return 301  https://www.example.com$request_uri;
> }
>
> do I need anything else? do I need ssl on or any other security related
> things? If they visit non-www does that mean it transfers the request
> insecurely or something (even for a split second while its redirecting?)
> 
>
> 
Put both 'listen' directives in the same server block.

> Just want to make sure what I have is solid and secure. It seems to work
> but I want to double check.
>
> Thanks!
>
---
*B. R.*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20130608/b9349355/attachment.html>