server {listen80;listen443 ssl;;return301$request_uri;}server {listen80;;return301https://$host$request_uri;}server {listen 443ssl default_server; #注意default_server须加;#其他配置}
需要注意的是 非www主域名必须要有证书支持,如果上面不行,使用下面的:
server {listen 443 ssl;ssl_certificate /etc/letsencrypt/live/xxxx/fullchain.pem;ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;server_name ;return 301 $request_uri;}server {listen 80;server_name ;return 301 https://$request_uri;}server {listen 443 ssl default_server;ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem;ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;server_name ;.............. #正常使用的server段}
如果有移动端或其他二级域名则如下:
server {listen 80;listen 443 ssl;ssl_certificate /etc/letsencrypt/live/xxxx/fullchain.pem;ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;server_name ;return 301 $request_uri;}server {listen 80;server_name *.;return 301 https://$host$request_uri;}server {listen 443 ssl default_server;ssl_certificate /etc/letsencrypt/live/xxx/fullchain.pem;ssl_certificate_key /etc/letsencrypt/live/xxx/privkey.pem;server_name ;.............. #正常使用的server段}