Igor Sysoev Wrote:
-------------------------------------------------------
> On Mon, Nov 09, 2009 at 05:34:11PM +0700, Glen
> Lumanau wrote:
>
> > So I can't use such a configuration
> >
> > server {
> > listen 443;
> > rewrite (^.*) https://www.mydomain.com$1
> permanent; }
> >
> > ?
>
> The following configuration should work:
>
> server {
> listen 192.168.1.1:443;
> server_name mydomain.com;
> ssl on;
> ssl_certificate
> /path/to/wildcard.certifcate;
> ...
> }
>
> server {
> listen 192.168.1.1:443;
> server_name *.mydomain.com;
> ssl on;
> ssl_certificate
> /path/to/wildcard.certifcate;
> rewrite ^
> https://www.mydomain.com$request_uri? permanent; }
> }
>
> Please note, that you should use the same wildcard
> certifcate in both
> servers.
>
> > -----Original Message-----
> > From: owner-nginx@sysoev.ru On Behalf Of Igor
> > Sysoev
> > Sent: 09 Nopember 2009 17:30
> > To: nginx@sysoev.ru
> > Subject: Re: How to redirect all SSL traffic?
> >
> > On Mon, Nov 09, 2009 at 10:23:33AM +0000, Glen
> Lumanau wrote:
> >
> > > My question is,
> > >
> > > Is that posibble to redirect all the traffic
> to www?
> >
> > With the "*.mydomain.com" certificate the answer
> is YES.
> >
> > >
> > > Best Regards,
> > >
> > > Glen Lumanau
> > >
> > >
> > > -----Original Message-----
> > > From: Maxim Dounin
> > > Date: Mon, 9 Nov 2009 13:17:43
> > > To:
> > > Subject: Re: How to redirect all SSL traffic?
> > >
> > > Hello!
> > >
> > > On Mon, Nov 09, 2009 at 08:11:23AM +0000, Glen
> Lumanau wrote:
> > >
> > > > Yes I have a valid ssl for www.mydomain.com.
> I don't have a license for
> > mydomain.com
> > > >
> > > > That's why I want to redirect all traffic
> goes to mydomain.com to
> > www.mydomain.com
> > >
> > > As long as you have no valid cert for
> mydomain.com - you can't
> > > handle requests in this domain without
> warnings from browsers. No
> > > way.
> > >
> > > Maxim Dounin
> > >
> > >
> > > >
> > > >
> > > > Best Regards,
> > > >
> > > > Glen Lumanau
> > > >
> > > >
> > > > -----Original Message-----
> > > > From: Igor Sysoev
> > > > Date: Mon, 9 Nov 2009 10:57:18
> > > > To:
> > > > Subject: Re: How to redirect all SSL
> traffic?
> > > >
> > > > On Mon, Nov 09, 2009 at 08:49:56AM +0700,
> Glen Lumanau wrote:
> > > >
> > > > > I tried this, but still doesn't works
> > > >
> > > > What do you mean by "doesn't work" ? Browser
> shows a warning about
> > invalid
> > > > certificate ? In this case you need two
> certificates: for
> > "www.domain.com"
> > > > and "mydomain.com" and you should configure
> servers on different IP
> > addreses.
> > > > Or you can use a certificate with two
> Subject Alternate Names for
> > > > "domain.com" and "www.domain.com". Then you
> may use the certificate in
> > > > both server with single IP address.
> > > >
> > > > > -----Original Message-----
> > > > > From: Alex Hunsaker
> > > > > Sent: 09 Nopember 2009 5:11
> > > > > To: glen@lumanau.web.id
> > > > > Cc: nginx@sysoev.ru
> > > > > Subject: Re: How to redirect all SSL
> traffic?
> > > > >
> > > > > On Sun, Nov 8, 2009 at 03:31, Glen Lumanau
>
> > wrote:
> > > > >
> > > > > [ please keep the mailing list cc'ed ]
> > > > >
> > > > > > Try port 80...
> > > > >
> > > > > >> On port 80 is sucessfull. Is there any
> way to do that on port 443?
> > > > >
> > > > > Ahh ok so you want http://mydomain.com and
> https://mydomain.com to go
> > > > > to https://www.mydomain.com.
> > > > >
> > > > > Sure something like:
> > > > > server {
> > > > > listen 80;
> > > > > rewrite (^.*) https://www.mydomain.com$1
> permanent;
> > > > > }
> > > > >
> > > > > # config for https://www.mydomain.com
> > > > > server {
> > > > > listen 443;
> > > > > ...
> > > > > if ($host !~ www\.mydomain\.com) {
> > > > > rewrite ^(.*) https://www.mydomain.com$1
> permanent;
> > > > > }
> > > > >
> > > > > }
> > > > >
> > > >
> > > > --
> > > > Igor Sysoev
> > > > http://sysoev.ru/en/
> > > >
> > >
> >
> > --
> > Igor Sysoev
> > http://sysoev.ru/en/
> >
>
> --
> Igor Sysoev
> http://sysoev.ru/en/

Some plain SSL certificates work with both www and non-www without being a wildcard certificate. I just learned that the $10/year PositiveSSL that I got free from domain registration at http://www.namecheap.com/learn/ssl-certificates/free-positive-ssl-certificates.asp has this feature, although they don't list it on their website.

server {
listen 443;
server_name mydomain.com;

rewrite ^ https://www.mydomain.com$request_url permanent;

ssl on;
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;
}

server {
listen 443;
server_name www.mydomain.com;

ssl on;
ssl_certificate /etc/ssl/certs/mydomain.com.crt;
ssl_certificate_key /etc/ssl/private/mydomain.com.key;

...
}

Works fine with the cheapo PositiveSSL cert. It looks like some companies use the feature to upsell you to their premium cert: http://www.geocerts.com/ssl/quicksslpremium