From 9b1d06a919c3465f7282a5d41c306350a5b5476c Mon Sep 17 00:00:00 2001
From: Martin Mahner <martin@mahner.org>
Date: Wed, 5 Jun 2013 20:44:31 +0200
Subject: [PATCH] Added a https www-to-non-www redirect.

---
 server/nginx.conf | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/server/nginx.conf b/server/nginx.conf
index 60bdef6..206f341 100644
--- a/server/nginx.conf
+++ b/server/nginx.conf
@@ -2,11 +2,14 @@ upstream app_server {
     server 127.0.0.1:12000 fail_timeout=0;
 }
 
+# -----------------------------------------------------------------------------
+# Redirect all sort of non-ssl (with and without www) to ssl without www
+# -----------------------------------------------------------------------------
 server {
     listen 80;
-    server_name dpaste.de dpaste.org;
-    
-    # Do not redirect to SSL for API calls (some clients dont support 
+    server_name dpaste.de www.dpaste.de dpaste.org www.dpaste.org;
+
+    # Do not redirect to SSL for API calls (some clients dont support
     # this automatically)
     location /api {
         include /srv/dpaste.de/src/dpaste/server/nginx_server_appforward.conf;
@@ -17,6 +20,9 @@ server {
     }
 }
 
+# -----------------------------------------------------------------------------
+# SSL Hosts
+# -----------------------------------------------------------------------------
 server {
     listen 443;
     server_name dpaste.de;
@@ -25,6 +31,12 @@ server {
     ssl_certificate /srv/dpaste.de/var/ssl/dpaste_de_unified.crt;
     ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_de.key;
 
+
+    # Rewrite www to non-www
+    if ($host ~ /^www\./) {
+        rewrite  ^/(.*)$  https://dpaste.de/$1 permanent;
+    }
+
     add_header Strict-Transport-Security max-age=25200;
 
     include /srv/dpaste.de/src/dpaste/server/nginx_server.conf;
@@ -33,12 +45,17 @@ server {
 server {
     listen 443;
     server_name dpaste.org;
-    
+
     ssl on;
     ssl_certificate /srv/dpaste.de/var/ssl/dpaste_org_unified.crt;
     ssl_certificate_key /srv/dpaste.de/var/ssl/dpaste_org.key;
 
     add_header Strict-Transport-Security max-age=25200;
 
+    # Rewrite www to non-www
+    if ($host ~ /^www\./) {
+        rewrite  ^/(.*)$  https://dpaste.org/$1 permanent;
+    }
+
     include /srv/dpaste.de/src/dpaste/server/nginx_server.conf;
 }