First of all your need SSL certificate for both domains test.in and www.test.in.

Step 1 – Redirect https://test.in to https://www.test.in

Edit your nginx.conf or domain level conf file using a text editor such as vim command:


$ sudo vi /etc/nginx/sites-enabled/theos.in.conf

Append the following config:

 ### redirect HTTPS n
server {
    listen 443 ssl;
    server_name theos.in;
    ssl_certificate /etc/nginx/ssl/letsencrypt/non-www.test.in/test.in.cer;
    ssl_certificate_key /etc/nginx/ssl/letsencrypt/non-www.test.in/test.in.key;
    return 301 https://www.test.in$request_uri;
}


Step 2 – Nginx configuration for https://www.test.in

Here is my sample config:

server {
    access_log  /var/log/nginx/www.test.in_access.log;
    error_log  /var/log/nginx/www.test.in_error.log;
    listen 443 ssl http2;
    server_name www.test.in;
    # adjust as per your needs #
    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate #
    ssl_certificate /etc/nginx/ssl/letsencrypt/www.test.in/www.theos.in.cer;
    ssl_certificate_key /etc/nginx/ssl/letsencrypt/www.test.in/www.test.in.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;
    ssl_dhparam /etc/nginx/ssl/letsencrypt/theos.in/dhparams.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-
GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-
SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-
RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-
ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-
RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-
DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-
SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS'; ssl_prefer_server_ciphers on;   add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload" always; add_header X-Content-Type-Options "nosniff" always; add_header X-Frame-Options "SAMEORIGIN" always; add_header X-Xss-Protection "1";   # OCSP Stapling # fetch OCSP records from URL in ssl_certificate and cache them ssl_stapling on; ssl_stapling_verify on; #resolver <IP DNS resolver>;   ssl_buffer_size 8k; ## rest of your config below such as php-cgi, documentroot and more ## }

Step 3 – Redirect all HTTP traffic to HTTPS

Of course, all HTTP traffic must be sent to HTTPS server so that Strict-Transport-Security works correctly. Append following in your config file too:

# Redirect www.test.in:80 to https://www.test.in:443
server {
    listen      80;
    access_log  off;
    error_log   off;
    server_name www.test.in;
    return         301 https://$server_name$request_uri;
}
# # Redirect http://test.in:80 to https://test.in:443
server {
    listen      80;
    access_log  off;
    error_log   off;
    server_name test.in;
    return         301 https://$server_name$request_uri;
}

Make  sure you reload or restart the nginx server:


$ sudo systemctl reload nginx

OR

$ sudo service nginx reload

Make  sure you reload or restart the nginx server:


$ sudo systemctl reload nginx

OR

$ sudo service nginx reload


How to test redirect non-www to www over SSL with Nginx server and curl

The syntax is as follows for the curl command:


curl -IL https://theos.in/
curl -IL http://test.in/

 

Cette réponse était-elle pertinente? 0 Utilisateurs l'ont trouvée utile (0 Votes)