Redirect www to not-www

Francis Daly francis at daoine.org
Tue Jan 10 18:43:43 UTC 2023


On Tue, Jan 10, 2023 at 12:03:06PM -0500, Paul wrote:

Hi there,

> Using nginx (1.18.0 on Ubuntu 20.04.5) as proxy to back-end, I have three
> sites (a|b|c.example.com) in a fast, reliable production environment. I have
> DNS records set up for www.a|b|c.example.com.  I have CertBot set up for
> only a|b|c.example.com.
> 
> To avoid "doubling" the number of sites-available and security scripts, and
> to avoid the unnecessary "www." I would like to add something like:
> 
> server {
>   server_name www.a.example.com;
>   return 301 $scheme://a.example.com$request_uri;
> }

> Maybe I'm missing something fundamental?

Yes, you are missing something fundamental :-(

There are 4 families of requests that the client can make:

* http://www.a.example.com
* http://a.example.com
* https://www.a.example.com
* https://a.example.com

It looks like you want each of the first three to be redirected to
the fourth?

It is straightforward to redirect the first two to the fourth --
something like

	server {
		server_name a.example.com www.a.example.com;
		return 301 https://a.example.com$request_uri;
	}

should cover both.

(Optionally with "listen 80;", it replaces your similar no-ssl server{}
block.)

But for the third family, the client will first try to validate the
certificate that it is given when it connects to www.a.example.com,
before it will make the http(s) request that you can reply to with
a redirect. And since you do not (appear to) have a certificate for
www.a.example.com, that validation will fail and there is nothing you
can do about it. (Other than get a certificate.)

Cheers,

	f
-- 
Francis Daly        francis at daoine.org

