Here is my wordpress’s NGINX configuration to redirect all the http and https traffic, from non-www/www into www.yodiaditya.com.
I’m using Letsencrypt SSL with Ubuntu for this.
Feel free to use this code:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 | server { server_name www.yodiaditya.com yodiaditya.com; listen 80; return 301 https://yodiaditya.com$request_uri; location ~ /\.well-known/acme-challenge/ { allow all; root /var/www/letsencrypt; try_files $uri =404; break; } } server { #Redirect https, non-www to https, www listen 443 ssl; server_name yodiaditya.com; location ~ /.well-known { allow all; root /var/www/letsencrypt/; } ssl_certificate /etc/letsencrypt/live/www.yodiaditya.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.yodiaditya.com/privkey.pem; return 301 https://www.yodiaditya.com$request_uri; } server { listen 443 ssl; listen [::]:443 ssl; server_name www.yodiaditya.com; ssl on; location ~ /\.well-known/acme-challenge/ { allow all; root /var/www/letsencrypt; try_files $uri =404; break; } ssl_certificate /etc/letsencrypt/live/www.yodiaditya.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/www.yodiaditya.com/privkey.pem; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:ECDHE-RSA-AES128-GCM-SHA256:AES256+EECDH:DHE-RSA-AES128-GCM-SHA256:AES256+EDH:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; ssl_prefer_server_ciphers on; #ssl_session_cache shared:SSL:10m; ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS; # ciphers chosen for forward secrecy and compatibility # http://blog.ivanristic.com/2013/08/configuring-apache-nginx-and-openssl-for-forward-secrecy.html #ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4"; # enable session resumption to improve https performance # http://vincent.bernat.im/en/blog/2011-ssl-session-reuse-rfc5077.html # ssl_session_cache shared:SSL:50m; ssl_session_timeout 5m; # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header X-Content-Type-Options nosniff; add_header X-XSS-Protection "1; mode=block"; # add_header Content-Security-Policy "default-src ‘self’; script-src ‘self’ ‘unsafe-inline’ ‘unsafe-eval’ data: https://www.google-analytics.com/ https://ssl.google-analytics.com https://assets.zendesk.com https://connect.facebook.net https://maps.googleapis.com/ https://d1l7z5ofrj6ab8.cloudfront.net/ https://ajax.googleapis.com/; img-src ‘self’ data: https://mts.googleapis.com https://maps.gstatic.com/ https://d1l7z5ofrj6ab8.cloudfront.net/ https://csi.gstatic.com/ https://ssl.google-analytics.com https://maps.googleapis.com/ https://s-static.ak.facebook.com https://assets.zendesk.com; style-src ‘self’ ‘unsafe-inline’ data: https://d1l7z5ofrj6ab8.cloudfront.net/ https://csi.gstatic.com/ https://fonts.googleapis.com https://maxcdn.bootstrapcdn.com/ https://assets.zendesk.com; font-src ‘self’ https://fonts.gstatic.com/ https://maxcdn.bootstrapcdn.com/ https://themes.googleusercontent.com; child-src https://happyfoxchat.com https://assets.zendesk.com https://www.facebook.com https://s-static.ak.facebook.com https://tautt.zendesk.com; object-src ‘none’"; # add_header Public-Key-Pins ‘pin-sha256="TcmOEUd/PwZtaEDWppHx70TjB+IRGCe5ONIqcbMjBBk="; max-age=31536000; includeSubDomains’; root /myroot; client_body_timeout 460; client_header_timeout 460; send_timeout 460; client_max_body_size 10m; keepalive_timeout 300 300; access_log /var/log/nginx/access.log; index index.php index.html index.htm; location = /favicon.ico { log_not_found off; access_log off; } location = /robots.txt { allow all; log_not_found off; access_log off; } location / { # This is cool because no php is touched for static content try_files $uri $uri/ /index.php?$args; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # location ~ .php$ { fastcgi_send_timeout 3800; fastcgi_read_timeout 3800; fastcgi_connect_timeout 2800; fastcgi_pass unix:/var/run/php/php7.0-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~* .(js|css|png|jpg|jpeg|gif|ico)$ { expires max; log_not_found off; } # deny access to .htaccess files, if Apache document root # concurs with nginx one # location ~ /.ht { deny all; } } |