Redirect non-www to www on ssl

I set up SSL with letsencrypt option and everything is great except I cannont forward the non-www version of the ssl site to the www version. I tried adding

 server_name domain.com;

 return 301 https://www.domain.com$request_uri;

to the /var/www/domain.com/conf/nginx/ssl.conf as well as the /etc/nginx/conf.d/force-ssl-.conf but neither worked. The first one results in a redirect loop and the later outputs:

nginx: [warn] conflicting server name "domain.com" on 0.0.0.0:443, ignored
nginx: [warn] conflicting server name "www.domain.com" on 0.0.0.0:443, ignored

Any thoughts on how to make this happen?

To redirect non-www to www you need to create a file (redirect.conf) in this folder /etc/nginx/conf.d

in this file you add

server { server_name domain.com; return 301 https://www.domain.com$request_uri; }

From my side I’m trying to add a SSL certificate that I bought, but I didn’t find where to add

server { listen 443; server_name example.com; ssl on; ssl_certificate /var/www/example.com/cert/example.com.crt; ssl_certificate_key /var/www/example.com/cert/example.com.key; #… other stuff }

if you please can you send me the content of these files (don’t forget to remove your domain)

/var/www/domain.com/conf/nginx/ssl.conf /etc/nginx/conf.d/force-ssl-.conf

it may help me find a solution for my challenge!

Yes, put your code in `/var/www/domain.com/conf/nginx/ssl.conf. Here is mine.

listen 443 ssl http2;

server_name domain.com;

ssl on;
ssl_certificate     /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key     /etc/letsencrypt/live/domain.com/privkey.pem;

In this file, /etc/nginx/conf.d/force-ssl-.conf I already have the redirect set up for port 80, but I cannot seem to redirect port 443?

server {
    listen 80;
    server_name domain.com www.domain.com;
    return 301 https://www.domain.com$request_uri;
}

Here’s how I do it. Firstly, put just the SSL cert stuff in /var/www/domain.com/conf/nginx/ssl.conf e.g.:

ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;

‘ssl on’ isn’t required.

In domain.com’s nginx vhost file - /etc/nginx/sites-available/domain.com - I use this (it’s a PHP 7 site):

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name domain.com;
    include /var/www/domain.com/conf/nginx/*.conf;
    return 301 https://www.domain.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.domain.com;
    
    access_log /var/log/nginx/domain.com.access.log rt_cache;
    error_log /var/log/nginx/domain.com.error.log;
    
    root /var/www/domain.com/htdocs;
        
    index index.php index.html index.htm;
    
    include common/wpfc-php7.conf;      
    include common/wpcommon-php7.conf;
    include common/locations-php7.conf;
    include /var/www/domain.com/conf/nginx/*.conf;
}

server {
    listen 80;
    listen [::]:80;
    server_name domain.com www.domain.com;
    return 301 https://www.domain.com$request_uri;
}

Works perfectly (and means you don’t require a ‘force-ssl.conf’ file in /etc/nginx/conf.d/).

1 Like

Thank you, now everything is up and running.

Thanks @purbeckpixels. Thats what I needed.

Thank you, saved me few hours of experimenting

I have 2 sites, followed your guide, now I’m getting

www.mydomain.com page isn’t working www.mydomain.com redirected you too many times.

ERR_TOO_MANY_REDIRECTS

Any ideas?

Getting same problem !

Well, I have created a site as www.abcde.com while initiating a WordPress installation; this solved the problem.

This is supper strange - I just spent like 10 hours trying to workout why my site is not working. Where the heck is the redirection to www stored?

In the end I also noted that the only way to have the site use www. is to create it that way. However I cannot see any difference in the site-avalailbe/domain.com.conf file!

If you setup your site as usual with nginy - you get no database connection - as www.domain.com as server_name seems to whack everything up. I even fully put in a working nginx.conf from my old server - not using any of the filed usually included with “include” - and well got a redirect loop too.

Oh and this should be a high priority item on any guide on migrating your site into easyengine. Right now if your site is www - you’ll freak out.

There is something terribly wrong here.

I always create my sites with ee site create domain.com --le --wpredis --php7.

If I want it with www I just do:

cd /var/www/domain.com/htdocs/
wp option set home https://www.domain.com
wp option set site_url https://www.domain.com

Just because I’m a bit paranoid I also like to:

wp search-replace https://domain.com https://www.domain.com

It’s done, WP will take care itself of redirecting to the right URL as configured above.

1 Like

seems to work somehow - however I just tried it out and it would not redirect the homepage(meaning frontpage domain.com/) to www. So the 301 should work - why is there a loop in the redirect? The same rules just worked fine on my old server.

okay - after lots of trying I think there was a problem with redis cache.

It works without those rules - however as I cannnot use let’s encrypt it’s getting tedious. I need ssl and if I do a site update/site create and have the ssl rules - by default http:// redirect is not active.

However I cannot put a server directive into the /var/www/domain.com/conf/nginx/ folder - as it’s not allowed. So I need to add it to the normal server config - where it will get deleted on any “site update domain.com” command.

So my ssl.conf looks like this: listen 443 ssl http2; listen [::]:443 ssl http2 ; ssl on; ssl_certificate /var/www/ssl/openmtbmap6.crt; ssl_trusted_certificate /var/www/ssl/trusted6.crt; ssl_certificate_key /var/www/ssl/openmtbmap6.key;

that’s fine.

and I have to add the following lines to my normal .conf else the http:// to https:// forward is not active: server { listen 80; listen [::]:80; server_name www.domain.com domain.com; return 301 https://www.domain.com$request_uri; }

this will be deleted on any ee site domain.com update.

dunno why this is not needed for a website setup with --letsencrypt switch though. And yeah still don’t understand where this redirect comes from - as on my old nginx setup I just put the 301 into the server block to www - and it was fine… here it’s not accepted.

There really should be a switch like --ssl which means you will install your own ssl cert - but not need for the listen 80 server block