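I spent most of the day trying to redirect http to https through nginx, and it has been difficult. I went through several Stack Overflow questions and a number of articles on the internet. I finally got an http-to-https redirect working, but only for the direct IP address, not for the domain I want to use.
In other words, http://12.345.67.890 redirects to https://app.example.com, but http://app.example.com does not redirect to https://app.example.com.
Is this expected? What am I not understanding here?
My site's configuration file: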
upstream appupstream {
    server 0.0.0.0:3555;
}
server {
    error_log /var/log/nginx/error.log warn;
    listen [::]:80;
    listen 80;
    server_name app.example.com 12.345.67.890;
    return 301 https://$server_name$request_uri;
    access_log /var/log/nginx/access.log;
    root /home/ec2-user/app/public;
    proxy_set_header X-Forwarded-Proto $scheme;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass https://appupstream;
    }
}
When I curl these sites, the headers seem to confirm what I see in the browser:
IP curl results:
$ curl -I -L http://12.345.67.890
HTTP/1.1 301 Moved Permanently // <-- Note the permanent redirect on the ip
Server: nginx/1.12.1
Date: Sat, 03 Nov 2018 19:30:10 GMT
Content-Type: text/html
Content-Length: 185
Connection: keep-alive
Location: https://app.example.com/
HTTP/2 200
date: Sat, 03 Nov 2018 19:30:10 GMT
content-type: text/html; charset=utf-8
content-length: 4856
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
x-download-options: noopen
strict-transport-security: max-age=15778476; includeSubDomains
p3p: ABCDEF
Domain curl results:
$ curl -I -L http://app.example.com
HTTP/1.1 200 OK // <-- No permanent redirect on domain
Date: Sat, 03 Nov 2018 19:30:39 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 4856
Connection: keep-alive
X-FRAME-OPTIONS: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
X-Download-Options: noopen
Strict-Transport-Security: max-age=15778476; includeSubDomains
P3P: ABCDEF
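I have successfully run nginx -t, and I have used nginx reload and nginx restart every time I updated the file. I have cleared all browsing data (cookies, etc.) and revisited the site, but this behavior persists. Any suggestions/guidance would be greatly appreciated!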
Example nginx script:
server
{
    listen 443 default ssl;
    listen [::]:443 ssl;
    root /var/www/html/api_mobile/public;
    include snippets/ssl-params.conf;
    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-Content-Type-Options "nosniff";
    index index.html index.php index.htm index.nginx-debian.html;
    server_name sitename.com;
    charset utf-8;
    location / {
        if ($scheme = "http") {
            # redirect all non api traffic to https block
            return 301 https://$server_name$request_uri;
        }
        try_files $uri $uri/ /index.php?$query_string;
    }
    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt { access_log off; log_not_found off; }
    error_page 404 /index.php;
    location ~ \.php$ {
        fastcgi_pass unix:/run/php/php8.2-fpm.sock;
        fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
        include fastcgi_params;
    }
    ssl_certificate /etc/letsencrypt/live/sites/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem; # managed by Certbot
}
About the scheme condition:
if ($scheme = "http")
{
    # redirect all non api traffic to https block
    return 301 https://$server_name$request_uri;
}
It is the core of the redirect: it forces http to https on the single port 443 (https).
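
A way to check what a plain-http request actually gets back, run over `curl -I -L` output like the two transcripts in the question. This is an added example, not part of the original posts; the function names are hypothetical and the sample transcripts are trimmed, constructed copies of the question's output.

```python
import re
from urllib.parse import urlsplit

# Constructed samples: the question's two `curl -I -L` transcripts, trimmed.
IP_RUN = """HTTP/1.1 301 Moved Permanently
Server: nginx/1.12.1
Location: https://app.example.com/

HTTP/2 200
strict-transport-security: max-age=15778476; includeSubDomains
"""
DOMAIN_RUN = """HTTP/1.1 200 OK
Content-Type: text/html; charset=utf-8
Strict-Transport-Security: max-age=15778476; includeSubDomains
"""

STATUS_LINE = re.compile(r"^HTTP/\d(?:\.\d)?\s+(\d{3})")
def parse_hops(transcript):
    """Split `curl -I -L` output into one {status, headers} dict per response."""
    hops = []
    for line in transcript.splitlines():
        match = STATUS_LINE.match(line)
        if match:
            hops.append({"status": int(match.group(1)), "headers": {}})
        elif hops and ":" in line:
            name, value = line.split(":", 1)
            hops[-1]["headers"][name.strip().lower()] = value.strip()
    return hops

def audit_http_entry(transcript, expected_host):
    """Findings for a request that started on http://; empty list means OK."""
    hops = parse_hops(transcript)
    if not hops:
        return ["no HTTP response found"]
    first, findings = hops[0], []
    if first["status"] not in (301, 302, 307, 308):
        findings.append(f"first hop answered {first['status']} over http without redirecting")
    else:
        target = urlsplit(first["headers"].get("location", ""))
        # Compare the parsed hostname, not a string prefix.
        if target.scheme != "https" or target.hostname != expected_host:
            findings.append(f"redirect does not point at https://{expected_host}")
    if "strict-transport-security" in first["headers"]:
        findings.append("HSTS sent over plain http; browsers ignore it there (RFC 6797)")
    return findings

if __name__ == "__main__":
    for label, run in (("ip", IP_RUN), ("domain", DOMAIN_RUN)):
        print(label, audit_http_entry(run, "app.example.com") or "ok")
```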