Hello,
On Sat, Jun 8, 2013 at 2:18 PM, Travis Maxwell <the.energetic@gmail.com>wrote:
> Hi,
>
> I'm using nginx with SSL, and I want to always redirect to www, regardless
> of whether the request is http or https. I just want to redirect to the
> respective protocol but with www.
>
> I have the port 80 server block working fine. Beneath my first server
> block I have...
>
> server {
> listen 80;
> server_name example.com;
> return 301 http://www.example.com$request_uri;
> }
>
> and this works fine. But for my port 443 server block for https, I have
> all kinds of information inside regarding ssl on and different ciphers to
> use.
>
> I really don't want to mess up anything up related to security by doing
> something stupid.. so my question is on this second block for port 443
> underneath the first one...
>
> server {
> listen 443;
> server_name example.com;
> return 301 https://www.example.com$request_uri;
> }
>
> do I need anything else? do I need ssl on or any other security related
> things? If they visit non-www does that mean it transfers the request
> insecurely or something (even for a split second while its redirecting?)
>
>
>
Put both 'listen' directives in the same server block.
> Just want to make sure what I have is solid and secure. It seems to work
> but I want to double check.
>
> Thanks!
>
---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
On Sat, Jun 8, 2013 at 2:18 PM, Travis Maxwell <the.energetic@gmail.com>wrote:
> Hi,
>
> I'm using nginx with SSL, and I want to always redirect to www, regardless
> of whether the request is http or https. I just want to redirect to the
> respective protocol but with www.
>
> I have the port 80 server block working fine. Beneath my first server
> block I have...
>
> server {
> listen 80;
> server_name example.com;
> return 301 http://www.example.com$request_uri;
> }
>
> and this works fine. But for my port 443 server block for https, I have
> all kinds of information inside regarding ssl on and different ciphers to
> use.
>
> I really don't want to mess up anything up related to security by doing
> something stupid.. so my question is on this second block for port 443
> underneath the first one...
>
> server {
> listen 443;
> server_name example.com;
> return 301 https://www.example.com$request_uri;
> }
>
> do I need anything else? do I need ssl on or any other security related
> things? If they visit non-www does that mean it transfers the request
> insecurely or something (even for a split second while its redirecting?)
>
>
>
Put both 'listen' directives in the same server block.
> Just want to make sure what I have is solid and secure. It seems to work
> but I want to double check.
>
> Thanks!
>
---
*B. R.*
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
