Get the most out of your Centmin Mod LEMP stack
Become a Member

Redundant Hostnames - Google

Discussion in 'Nginx, PHP-FPM & MariaDB MySQL' started by Sunka, Feb 1, 2016.

  1. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    8:54 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    Google said that he can not understand my redirection.
    I only want to use "https://www"
    Google said:
    My ssl conf:
    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    server {
       server_name pijanitvor.com www.pijanitvor.com;
        return 301 https://www.$server_name$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name pijanitvor.com www.pijanitvor.com;
    
      ssl_dhparam /usr/local/nginx/conf/ssl/pijanitvor.com/dhparam.pem;
      ssl_certificate      /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-unified.crt;
      ssl_certificate_key  /usr/local/nginx/conf/ssl/pijanitvor.com/pijanitvor.com.key;
      include /usr/local/nginx/conf/ssl_include.conf;
    
      # mozilla recommended
      ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA:!DES-CBC3-SHA;
      ssl_prefer_server_ciphers   on;
      #######add_header Alternate-Protocol  443:npn-spdy/3;
      #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
      #add_header  X-Content-Type-Options "nosniff";
      #add_header X-Frame-Options DENY;
      #######spdy_headers_comp 5;
      ssl_buffer_size 1400;
      ssl_session_tickets on;
     
      #enable ocsp stapling
      resolver 8.8.8.8 8.8.4.4 valid=10m;
      resolver_timeout 10s;
      ssl_stapling on;
      ssl_stapling_verify on;
      ssl_trusted_certificate /usr/local/nginx/conf/ssl/pijanitvor.com/ssl-trusted.crt; 
    
    # ngx_pagespeed & ngx_pagespeed handler
    #include /usr/local/nginx/conf/pagespeed.conf;
    #include /usr/local/nginx/conf/pagespeedhandler.conf;
    #include /usr/local/nginx/conf/pagespeedstatslog.conf;
    
      # limit_conn limit_per_ip 16;
      # ssi  on;
    
      access_log /home/nginx/domains/pijanitvor.com/log/access.log combined buffer=256k flush=60m;
      error_log /home/nginx/domains/pijanitvor.com/log/error.log;
    
      root /home/nginx/domains/pijanitvor.com/public;
    
      location / {
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$uri&$args;
        }
    
        location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow 46.101.130.248;
            deny all;
        }
       
        location /library/ {
            internal;
            allow 127.0.0.1;
            allow 46.101.130.248;
            deny all;
        }
     
      # prevent access to ./directories and files
            location ~ (?:^|/)\. {
       deny all;
            } 
    
    
      include /usr/local/nginx/conf/staticfiles.conf;
      include /usr/local/nginx/conf/php.conf;
      include /usr/local/nginx/conf/drop.conf;
      #include /usr/local/nginx/conf/errorpage.conf;
      include /usr/local/nginx/conf/vts_server.conf;
    }

    My non SSL conf is disabled, but here it is for reference:
    Code:
    server {
                listen   80;
                server_name pijanitvor.com;
                return 301 $scheme://www.pijanitvor.com$request_uri;
           }
    
    server {
        server_name www.pijanitvor.com;
    
        access_log /home/nginx/domains/pijanitvor.com/log/access.log combined buffer=256k flush=60m;
        error_log /home/nginx/domains/pijanitvor.com/log/error.log;
    
        root /home/nginx/domains/pijanitvor.com/public;
    
        location / {
            index index.php index.html index.htm;
            try_files $uri $uri/ /index.php?$uri&$args;
        }
    
        location /internal_data/ {
            internal;
            allow 127.0.0.1;
            allow 46.101.130.248;
            deny all;
        }
    
        location /library/ {
            internal;
            allow 127.0.0.1;
            allow 46.101.130.248;
            deny all;
        }
    
        include /usr/local/nginx/conf/staticfiles.conf;
        include /usr/local/nginx/conf/php.conf;
        include /usr/local/nginx/conf/drop.conf;
        include /usr/local/nginx/conf/vts_server.conf;
    }
    

    So, redirect looks fine to me, also when someone try non www or no https link, it redirect to https and www link, but what to do with Google?
    All I can see is this part that could confuse Google (in SSL conf):
    Code:
    server {
      listen 443 ssl http2;
      server_name pijanitvor.com www.pijanitvor.com;
    Any thoughts? Suggestions?
     
  2. eva2000

    eva2000 Administrator Staff Member

    29,053
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    4:54 PM
    Nginx 1.13.x
    MariaDB 5.5
    see Nginx Vhost & NSD DNS Setup - CentminMod.com LEMP Nginx web stack for CentOS

    you have non-https non-www + www redirect to https www. But https non-www is still accessible with https www.

    the linked example is within https vhost for a www to non-www redirect
    Code:
       ##  redirect https www to https non-www
          if ($host = 'www.newdomain.com' ) {
             return 302 https://newdomain.com$request_uri;
          }
    you need to reverse that and place within the server context of the https vhost
    Code:
       ##  redirect https www to https non-www
          if ($host = 'newdomain.com' ) {
             return 302 https://www.newdomain.com$request_uri;
          }
    replace 302 with 301 after confirmed working

    Also make sure Google Analytics has a default domain property set in Admin > Property Settings > Default URL
     
    Last edited: Feb 1, 2016
    • Informative Informative x 1
  3. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    8:54 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    Non SSL conf I do not have to change because is disabled?

    For SSL conf I have to make this change.
    This will be OK I think?

    Code:
    # Centmin Mod Getting Started Guide
    # must read http://centminmod.com/getstarted.html
    # For SPDY SSL Setup
    # read http://centminmod.com/nginx_configure_https_ssl_spdy.html
    
    # redirect from www to non-www  forced SSL
    # uncomment, save file and restart Nginx to enable
    # if unsure use return 302 before using return 301
    server {
       server_name pijanitvor.com www.pijanitvor.com;
        return 301 https://www.$server_name$request_uri;
    }
    
    server {
      listen 443 ssl http2;
      server_name pijanitvor.com www.pijanitvor.com;
    
        ##  redirect https non-www to https www
          if ($host = 'pijanitvor.com' ) {
             return 301 https://www.pijanitvor.com$request_uri;
          }
     
    Last edited: Feb 1, 2016
  4. eva2000

    eva2000 Administrator Staff Member

    29,053
    6,594
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +9,790
    Local Time:
    4:54 PM
    Nginx 1.13.x
    MariaDB 5.5
    use 302 to test first then if okay switch to 301
     
    • Like Like x 1
  5. Sunka

    Sunka Active Member

    888
    230
    43
    Oct 31, 2015
    Rijeka, Croatia
    Ratings:
    +376
    Local Time:
    8:54 AM
    Nginx 1.13.3
    MariaDB 10.1.24
    Working (y)

    For non SSL conf file, I don't have to do anything because it is disabled (not in use) -
    renamed to pijanitvor.com.conf-disabled?
     
    • Like Like x 1