Hi,
I’m using nginx with SSL, and I want to always redirect to www,
regardless of whether the request is http or https. I just want to
redirect to the respective protocol but with www.
I have the port 80 server block working fine. Beneath my first server
block I have…
server {
listen 80;
server_name example.com;
return 301 http://www.example.com$request_uri;
}
and this works fine. But for my port 443 server block for https, I have
all kinds of information inside regarding ssl on and different ciphers
to use.
I really don’t want to mess up anything up related to security by doing
something stupid… so my question is on this second block for port 443
underneath the first one…
server {
listen 443;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
do I need anything else? do I need ssl on or any other security related
things? If they visit non-www does that mean it transfers the request
insecurely or something (even for a split second while its redirecting?)
Just want to make sure what I have is solid and secure. It seems to work
but I want to double check.
Thanks!