Nginx将Http重定向到Https – 这里有什么问题?

我有一个Nginx服务器,它应该将所有请求从http://www.domain.comhttp://domain.com以及https://domain.com重定向https://www.domain.com

所以有或没有www和有或没有ssl我希望用户总是到达https://www.domain.com.

在阅读了Nginx文档并在google上进行研究后,这是我当前的Nginx配置:

server {
  listen 80;
  server_name .domain.com;
  return 301 https://www.domain.com$request_uri;
}

server {
  listen                       443 ssl;
  server_name                  .domain.com;
  ssl_certificate              /etc/ssl/private/[pem file];
  ssl_certificate_key          /etc/ssl/private/[key file];
  ssl_session_timeout          5m;
  ssl_protocols                SSLv3 TLSv1;
  ssl_ciphers                  HIGH:!ADH:!MD5;
  ssl_prefer_server_ciphers    on;
  keepalive_timeout            70;
  ###
  ### Deny known crawlers.
  ###
  if ($is_crawler) {
    return 403;
  }
  location / {
    proxy_pass                 http://Nginx_http;
    proxy_redirect             off;
    proxy_set_header           Host              $host;
    proxy_set_header           X-Real-IP         $remote_addr;
    proxy_set_header           X-Forwarded-By    $server_addr:$server_port;
    proxy_set_header           X-Forwarded-For   $proxy_add_x_forwarded_for;
    proxy_set_header           X-Local-Proxy     $scheme;
    proxy_set_header           X-Forwarded-Proto $scheme;
    proxy_pass_header          Set-Cookie;
    proxy_pass_header          Cookie;
    proxy_pass_header          X-Accel-Expires;
    proxy_pass_header          X-Accel-Redirect;
    proxy_pass_header          X-This-Proto;
    proxy_connect_timeout      300;
    proxy_send_timeout         300;
    proxy_read_timeout         300;
    proxy_buffer_size          4k;
    proxy_buffers              4 32k;
    proxy_busy_buffers_size    64k;
    proxy_temp_file_write_size 64k;
    access_log                 off;
    log_not_found              off;
  }
 50 }

发生的情况是http://domain.com的请求被正确地重定向https://www.domain.com但是没有重定向http://www.domain.com的请求(并且网站是在没有ssl的情况下交付的).

更新:

由于这是BOA(Barracuda Octopus Aegir)设置的服务器的一部分,因此有几个配置文件在使用中.这也是加载的Nginx.conf:

# Aegir web server main configuration file

#######################################################
###  Nginx.conf main
#######################################################

 ## FastCGI params
  fastcgi_param  SCRIPT_FILENAME     $document_root$fastcgi_script_name;
  fastcgi_param  QUERY_STRING        $query_string;
  fastcgi_param  REQUEST_METHOD      $request_method;
  fastcgi_param  CONTENT_TYPE        $content_type;
  fastcgi_param  CONTENT_LENGTH      $content_length;
  fastcgi_param  SCRIPT_NAME         $fastcgi_script_name;
  fastcgi_param  REQUEST_URI         $request_uri;
  fastcgi_param  DOCUMENT_URI        $document_uri;
  fastcgi_param  DOCUMENT_ROOT       $document_root;
  fastcgi_param  SERVER_PROTOCOL     $server_protocol;
  fastcgi_param  GATEWAY_INTERFACE   CGI/1.1;
  fastcgi_param  SERVER_SOFTWARE     ApacheSolaris/$Nginx_version;
  fastcgi_param  REMOTE_ADDR         $remote_addr;
  fastcgi_param  REMOTE_PORT         $remote_port;
  fastcgi_param  SERVER_ADDR         $server_addr;
  fastcgi_param  SERVER_PORT         $server_port;
  fastcgi_param  SERVER_NAME         $server_name;
  fastcgi_param  USER_DEVICE         $device;
  fastcgi_param  GEOIP_COUNTRY_CODE  $geoip_country_code;
  fastcgi_param  GEOIP_COUNTRY_CODE3 $geoip_country_code3;
  fastcgi_param  GEOIP_COUNTRY_NAME  $geoip_country_name;
  fastcgi_param  REDIRECT_STATUS     200;
  fastcgi_index  index.PHP;

 ## Default index files
  index         index.PHP index.html;

 ## Size Limits
  client_body_buffer_size        64k;
  client_header_buffer_size      32k;
  client_max_body_size          100m;
  large_client_header_buffers 32 32k;
  connection_pool_size           256;
  request_pool_size               4k;
  server_names_hash_bucket_size  512;
  server_names_hash_max_size    8192;
  types_hash_bucket_size         512;
  map_hash_bucket_size           192;
  fastcgi_buffer_size           128k;
  fastcgi_buffers             256 4k;
  fastcgi_busy_buffers_size     256k;
  fastcgi_temp_file_write_size  256k;

 ## Timeouts
  client_body_timeout             60;
  client_header_timeout           60;
  send_timeout                    60;
  lingering_time                  30;
  lingering_timeout                5;
  fastcgi_connect_timeout         60;
  fastcgi_send_timeout           300;
  fastcgi_read_timeout           300;

 ## Open File Performance
  open_file_cache max=8000 inactive=30s;
  open_file_cache_valid          60s;
  open_file_cache_min_uses         3;
  open_file_cache_errors          on;

 ## FastCGI Caching
  fastcgi_cache_path /var/lib/Nginx/speed
                     levels=2:2:2
                     keys_zone=speed:10m
                     inactive=15m
                     max_size=3g;

 ## General Options
  ignore_invalid_headers          on;
  limit_conn_zone $binary_remote_addr zone=gulag:10m;
  recursive_error_pages           on;
  reset_timedout_connection       on;
  fastcgi_intercept_errors        on;
  server_tokens                  off;
  fastcgi_hide_header         'Link';
  fastcgi_hide_header  'X-Generator';
  fastcgi_hide_header 'X-Powered-By';
  fastcgi_hide_header 'X-Drupal-Cache';

 ## TCP options moved to /etc/Nginx/Nginx.conf

 ## SSL performance
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout            10m;

 ## GeoIP support
  geoip_country /usr/share/GeoIP/GeoIP.dat;

 ## Compression
  gzip_buffers      16 8k;
  gzip_comp_level   5;
  gzip_http_version 1.0;
  gzip_min_length   10;
  gzip_types        text/plain text/css application/x-javascript text/xml application/xml application/xml+RSS text/javascript;
  gzip_vary         on;
  gzip_proxied      any;
  add_header Vary "Accept-Encoding";
  gzip_static       on;
  upload_progress uploads 1m;

 ## Log Format
  log_format        main '"$proxy_add_x_forwarded_for" $host [$time_local] '
                         '"$request" $status $body_bytes_sent '
                         '$request_length $bytes_sent "$http_referer" '
                         '"$http_user_agent" $request_time "$gzip_ratio"';

  client_body_temp_path  /var/lib/Nginx/body 1 2;
  access_log             /var/log/Nginx/access.log main;
  error_log              /var/log/Nginx/error.log crit;

# Extra configuration from modules:
#######################################################
###  Nginx default maps
#######################################################

###
### Support separate Boost and Speed Booster caches for varIoUs mobile devices.
###
map $http_user_agent $device {
  default                                                                normal;
  ~*Nokia|BlackBerry.+MIDP|240x|320x|Palm|NetFront|Symbian|SonyEricsson  mobile-other;
  ~*iPhone|iPod|Android|BlackBerry.+AppleWebKit                          mobile-smart;
  ~*iPad|Tablet                                                          mobile-tablet;
}

###
### Set a cache_uid variable for authenticated users (by @brianmercer and @perusio,fixed by @omega8cc).
###
map $http_cookie $cache_uid {
  default  '';
  ~SESS[[:alnum:]]+=(?PHP.+src|system\(.+|document\.cookie|\;|\.\.  is_denied;
}

#######################################################
###  Nginx default server
#######################################################

server {
  limit_conn   gulag 32; # like mod_evasive - this allows max 32 simultaneous connections from one IP address
  listen       *:80;
  server_name  _;
  location / {
     root   /var/www/Nginx-default;
     index  index.html index.htm;
  }
}

#######################################################
###  Nginx virtual domains
#######################################################

# virtual hosts
include /var/aegir/config/server_master/Nginx/pre.d/*;
include /var/aegir/config/server_master/Nginx/platform.d/*;
include /var/aegir/config/server_master/Nginx/vhost.d/*;
include /var/aegir/config/server_master/Nginx/post.d/*;

在最后包含的目录中,定义了一些监听特定子域的服务器(由aegir设置).我认为这些不会影响我们.

更新2:

感谢davismwfl和Melvyn为您输入.现在它变得有趣了:

server {
  listen 80;
  server_name www.domain.com;
  return 301 https://www.domain.com$request_uri;
}

当我创建一个只应重定向http://www.domain.comhttps://www.domain.com的服务器时,请求被重定向到https:// ..然后卡在重定向循环中.

如果由于某种原因我理解这一点,那么应该监听端口80的服务器也会监听https请求并再次尝试重定向请求.

你知道为什么?

任何想法可能是什么问题或为什么它做它的作用?

非常感谢,马丁

最佳答案
所以,我这样做是相反的.前几天我确实遇到了这个问题.有一点是订单被认为是重要的,我真的应该把“重写”规则改为“返回301 ……”但是我很懒,并没有这样做,因为我有点匆忙.

这是我的配置的片段

#
# Rewrite any http requests for domain.com to https.
#
server {
   listen       80;
   server_name domain.com;
   return 301 https://domain.com$request_uri;
}
#
# Rewrite any http requests for www.domain.com to domain.com
# using SSL
#
server {
   listen 80;
   server_name www.domain.com;
   rewrite ^/(.*) https://domain.com/$1 permanent;
}

#
# The domain.com website
#
server {
   listen       443 ssl;
    server_name  domain.com;

    ssl_certificate /etc/Nginx/conf.d/[crt];
    ssl_certificate_key /etc/Nginx/conf.d/[key];
    ... Bunches of more stuff goes here. 
}

#
# Rewrite any https requests for www.domain.com to domain.com
# Note that this must be after the domain.com declaration.
#
server {
   listen 443;
   server_name www.domain.com;
   rewrite ^/(.*) https://domain.com/$1 permanent;
}

相关文章

一、Linux下Nginx的安装 1.去官网 http://nginx.org/download/下载对应的Nginx安装包,推荐使...
一、空格:默认匹配、普通匹配 location / { root /home; } 二、= :精确匹配(表示匹配到 /home/resou...
``` nginx -c 配置文件路径 ``` ``` /usr/local/nginx/sbin/nginx -c /usr/local/nginx/conf/nginx.con...
前言 nginx可所谓是如今最好用的软件级别的负载均衡了。通过nginx的高性能,并发能力强,占用内存下的特...
1.ngnix概念 Nginx是一款高性能的http 服务器/反向代理服务器及电子邮件(IMAP/POP3)代理服务器。由俄...
博客园从今天上午就开始报502错误 , 他的原因还不知道 , 暂时先说下我们遇到502的排查情况 最大的可能性...