Score:0

Avoid duplication in nginx redirects config?


Setting up redirects www→non-www and HTTP→HTTPS at the same time, I ran into a duplication issue that I fail to overcome.

On my domain—let it be example.com—I have a website with primary name another.example.com. I want the requests to example.com, www.example.com, and www.another.example.com to be redirected to another.example.com, and all HTTP requests to be redirected to HTTPS at the same time; I also want to support HTTP/2 and IPv6.

I have no issue with getting this to work, but I fail to get rid of duplicating a substantial part of the configuration file (namely the HTTPS certificate settings). All attempts to reduce duplication cause one or more or all redirects to stop working (sometimes along with HTTP/2).

Please take a look at the config and suggest how to clean it up:

```nginx
server {
    listen 80;
    listen [::]:80;
    server_name www.another.example.com www.example.com another.example.com example.com;
    return 301 https://another.example.com$request_uri;
}

server {
    listen 443;
    listen [::]:443;
    server_name www.another.example.com www.example.com example.com;
    return 301 https://another.example.com$request_uri;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    server_name another.example.com;
    root /usr/share/nginx/another.example.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
```
Richard Smith
See [this example](https://stackoverflow.com/questions/43081780/dns-records-redirect-www-to-non-www/43089681#43089681) on SO.
gxx
Alternatively, move common settings into a dedicated config and rely on `include`.
@RichardSmith after moving four duplicate strings to the outer block (and deleting them in both inner blocks), I get configuration errors: `nginx: [warn] duplicate value "TLSv1.2" in /etc/letsencrypt/options-ssl-nginx.conf:11 nginx: [warn] duplicate value "TLSv1.3" in /etc/letsencrypt/options-ssl-nginx.conf:11 nginx: [emerg] "ssl_prefer_server_ciphers" directive is duplicate in /etc/letsencrypt/options-ssl-nginx.conf:12 nginx: configuration file /etc/nginx/nginx.conf test failed`
Richard Smith
It looks like you have duplicate statements somewhere. Use `nginx -T` (uppercase `T`) to view the entire configuration across all included files.
@RichardSmith yes, you’re right. But after I tracked down the duplication, another problem arose: there’re actually multiple top-level domains in my nginx config. If I move SSL configuration from a server block to the top level, then only one domain (e.g., `example.com`) will be working.
Richard Smith
In which case your original setup is probably the best you can achieve. If you have a large number of duplicated statements you could place them into an included file.
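
The `include` approach suggested in the comments above, written out for this configuration (an added example, not part of the original thread). The snippet file name `snippets/tls-example.com.conf` is an assumption; keeping one such file per certificate leaves the TLS settings at server level, so other top-level domains in the same nginx instance can point at their own certificates.

```nginx
# File: /etc/nginx/snippets/tls-example.com.conf   (hypothetical file name)
# One snippet per certificate; a second domain gets its own snippet file.
ssl_certificate     /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include             /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

# File: the site configuration
# HTTP: every name is sent to the canonical HTTPS host.
server {
    listen 80;
    listen [::]:80;
    server_name www.another.example.com www.example.com another.example.com example.com;
    return 301 https://another.example.com$request_uri;
}

# HTTPS, non-canonical names: the TLS handshake completes before the redirect
# is sent, so this block needs the certificate too, and the certificate must
# list every name in server_name.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.another.example.com www.example.com example.com;
    include snippets/tls-example.com.conf;   # relative to the nginx config prefix
    return 301 https://another.example.com$request_uri;
}

# HTTPS, canonical host: serves the content.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name another.example.com;
    include snippets/tls-example.com.conf;

    root /usr/share/nginx/another.example.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }
}
```

After the change, `nginx -t` validates the result and `nginx -T` shows the expanded configuration, where each `ssl_*` directive should appear once per `server` block.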
Score:0
```nginx
# Canonical host: serves the site over HTTPS.
server {
    server_name another.example.com;
    root /usr/share/nginx/another.example.com;
    index index.html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl http2;
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
# Other names over HTTPS: redirect to the canonical host.
server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name www.another.example.com www.example.com example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    rewrite ^/(.*)$ https://another.example.com/$1 permanent;
}
# All names over HTTP: redirect to the canonical HTTPS host.
server {
    listen 80;
    listen [::]:80;
    server_name www.another.example.com www.example.com another.example.com example.com;
    location / {
        # Unconditional, so www.* hosts are redirected as well as the bare names.
        rewrite ^/(.*)$ https://another.example.com/$1 permanent;
    }
}
```