为什么我的 nginx 配置允许访问 app.domain.com?

Why is my nginx config allowing access to app.domain.com?

我有一个名为 app 的子域,它通过 DNS 指向我的主机,但我不想将它用于我当前使用子域 xyz 的网站。如果我转到 https://app.domain.com I get the "Your connection is not private" error. This is good that the browser shows this but I don't want anyone to even access this subdomain at the moment. I would prefer to redirect them to https://xyz.domain.com,其中我有一个有效的 SSL。请在下面查看我的配置并帮助我找出我缺少的内容。提前致谢。

server {
    listen 80;
    listen [::]:80;
    server_name xyz.domain.com;

    location /.well-known/acme-challenge/ {
        root /var/www/certbot;
    }

    location / {
        return 301 https://xyz.domain.com$request_uri;
    }
}

server {
    # For https
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server ipv6only=on;
    server_name xyz.domain.com;

    if ($http_host = app.domain.com) {
        rewrite ^ https://xyz.domain.com$request_uri? permanent;
    }

    ssl_certificate /etc/letsencrypt/live/xyz.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xyz.domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    root /var/www/public;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_pass php-upstream;
        fastcgi_index index.php;
        fastcgi_buffers 16 16k;
        fastcgi_buffer_size 32k;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        #fixes timeouts
        fastcgi_read_timeout 600;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

如果您不希望用户收到安全警告,您需要设置辅助服务器配置并配置 certbot 以获得 app.domain.com:

的证书
server {
    listen 443;
    listen [::]:443 ssl ipv6only=on;
    server_name app.domain.com;

    rewrite ^ https://xyz.domain.com$request_uri? permanent;

    ssl_certificate /etc/letsencrypt/live/app.domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/app.domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}