wip v1.24 redirects (HTTP)

diff --git a/etc/nginx/conf.d/default.conf b/etc/nginx/conf.d/default.conf
index ab0a8ed069502251f424fbbad65d243ddd5d4adc..4aef52526379ee316f76641ccfde19ea42e88145 100644 (file)
--- a/etc/nginx/conf.d/default.conf
+++ b/etc/nginx/conf.d/default.conf
@@ -4,6 +4,14 @@ upstream dev.nutra.tk {
   # server unix:/tmp/sanic.sock;
 }
 
+# Redirect all HTTP to HTTPS with no-WWW
+server {
+  listen 80 default_server;
+  listen [::]:80 default_server;
+  server_name ~^(?:www\.)?(.*)$;
+  return 301 https://$1$request_uri;
+}
+
 server {
   server_name dev.nutra.tk;
   # listen 80 default_server;
@@ -72,6 +80,10 @@ server {
   ssl_certificate_key /etc/letsencrypt/live/dev.nutra.tk/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
+
+  if ($host = www.dev.nutra.tk) {
+    return 301 https://dev.nutra.tk$request_uri;
+  }
 }
 
 
@@ -94,22 +106,13 @@ server {
 #}
 
 
-# Redirect all HTTP to HTTPS with no-WWW
-server {
-  listen 80 default_server;
-  listen [::]:80 default_server;
-  server_name ~^(?:www\.)?(.*)$;
-  return 301 https://$1$request_uri;
-}
-
-
 # Redirect WWW to no-WWW
-server {
-  listen 443 ssl http2;
-  listen [::]:443 ssl http2;
-  server_name ~^www\.(.*)$;
-  return 301 $scheme://$1$request_uri;
-}
+#server {
+#  listen 443 ssl http2;
+#  listen [::]:443 ssl http2;
+#  server_name ~^www\.(.*)$;
+#  return 301 $scheme://$1$request_uri;
+#}
 
 
 # TODO: if is evil