sslhttp-redirectnginxdigital-oceanghost

SSL redirection and authentication on Ghost blog with Nginx


I have a blog about Ghost on DigitalOcean. The same is served by Nginx, with the following configuration file:

server {
    listen 443 ssl;
    server_name www.example.com;
    return 301 $scheme://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    include snippets/ssl-params.conf;

    location / {
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host $http_host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass http://127.0.0.1:2825;
    }
}

The certificates were generated with Let's Encrypt, both for the domain with and without www. In the Ghost config.js file, the URL is written with the rules to take the SSL: https://example.com/ The problem is that when I enter my blog, My domain without wwww, login correctly and with SSL, but when I try to login with https://www.example.com I get an SSL certificate authentication error. I really do not understand what the problem might be here. I need that when entering my domain with www I redirect to the domain, but without the www. This operation I have done before with other applications node without problem, with the same configuration code above.


Solution

  • This is my Nginx configuration file, where I am serving a blog with Ghost. The certificate is generated with Let's Encrypt, and works correctly for both domains. The disadvantage is given when performing the 301 redirection, since it does not work correctly because the domain with www tells me that the certificate is not valid, however if I try to make the redirection to the reverse, from not www to www, it shows me the Same message, but for the domain without www:

    server {
        listen 80;
        server_name www.example.com;
        return 301 https://example.com$request_uri;
    }
    
    server {
        listen 80;
        server_name example.com;
        return 301 https://www.example.com$request_uri;
    }
    
    server {
        listen 443;
        server_name example.com;
        return 301 https://www.example.com$request_uri;
    }
    
    server {
        listen 443;
        server_name www.example.com;
    
        ssl on;
        ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;
    
        include snippets/ssl-params.conf;
    
        location / {
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header Host $http_host;
                proxy_set_header X-NginX-Proxy true;
                proxy_pass http://localhost:9002/;
                proxy_redirect off;
        }
    }
    

    Currently, I am using a droplet of Digital Ocean, where I have configured 3 fields A, a field A with the value * that is directed to the IP of the virtual machine, a field @ that also addresses the IP of the server, and Finally a field A with value www that goes to the IP of my server.