There are lots of server blocks that refer to an old domain that setup lots of things like redirects and error pages with complicated rules. I need to put all those rules on a new domain and any request to the old domain should be directed to the new one.
I don’t want to duplicate all the rules because something can be missed so I want to change all server_name from old to new and add a new server for the old one that has return 301 https://$host$request_uri;. Is that all I need to do or is it more complicated?
The only thing that can’t be recycled for the old and new domains are the ssl_certificate.
Your proposal sounds fine. You’ll indeed just need to make sure that your new server {} block, handling the old domains with server_name <old_domain>; can decrypt SSL to handle redirection, hence make sure you make available to it all the old domains certificates.
From my understanding of your situation, this would require dynamically (with a variable) selecting the certificate to use for each domain (or creating as many old virtual servers as there are domains).
Maybe to illustrate this would be an example of the new virtual server to setup:
map $ssl_server_name $new_domain {
hostnames;
1.old.domain.com 1.new.domain.com;
2.old.domain.com 2.new.domain.com;
3.old.domain.com 3.new.domain.com;
default default.new.domain.com;
}
server {
listen 443 ssl;
server_name 1.old.domain.com 2.old.domain.com 3.old.domain.com;
# assuming you have certificates in files /path/to/1.old.domain.com.crt /path/to/2.old.domain.com.crt and /path/to/3.old.domain.com.crt
ssl_certificate /path/to/$ssl_server_name.crt;
# same for keys
ssl_certificate_key /path/to/$ssl_server_name.key;
location / {
return 301 https://$new_domain$request_uri
}
}
I did not directly test this, but from my experience this would work quite fine, hopefully it at least gives interesting pointers. Let me know if this helps. Cheers.
The redirection is working I will try your idea with the variables. After I put all the rules on new domain I don’t want to redirect the old domain from the beginning in case something goes wrong. For a while I want to try rewriting the old domain so the user sees the old domain but all the rules and redirects and certificates are using the new domain’s rules.
The new domain will have lots of server blocks and the old domain should have just one server block to rewrite to the new domain. I have never used rewrites is it the same concept like your solution for the redirects? Can I only change return 301 https://$new_domain$request_uri to a rewrite rule?
You old domain’s server block may indeed just proxy_pass internally to your new domain. This would allow the old domain server block to still process your request without redirect, and use the actual logic you’ll have implemented in the new server blocks.
You old domain’s server block may also use rewrite as you suggest, to make sure Location headers are properly re-rewritten. You may also need to use a sub_filter if you have content or links in the payload returned by the backend.