我正在本地测试 nginx 作为反向代理
我想将通配符子域http重定向到https
子域在应用程序中以编程方式处理
server {
listen 80;
server_name ~^(.*)\.localhost$;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
gzip on;
gzip_comp_level 6;
gzip_vary on;
gzip_min_length 1000;
gzip_proxied any;
gzip_types text/plain text/html text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_buffers 16 8k;
server_name ~^(.*)\.localhost$;
# SSL Certs
ssl_certificate /path/to/server.crt;
ssl_certificate_key /path/to/server.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
location / {
proxy_pass http://localhost:3333;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
直接从 chrome 访问 https 效果很好 访问 http 实际上什么都不做,甚至没有刷新页面
示例脚本 nginx :
server
{
listen 443 default ssl;
listen [::]:443 ssl;
root /var/www/html/api_mobile/public;
include snippets/ssl-params.conf;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-Content-Type-Options "nosniff";
index index.html index.php index.htm index.nginx-debian.html;
server_name sitename.com;
charset utf-8;
location / {
if ($scheme ="http") {
# redirect all non api traffic to https block
return 301 https://$server_name$request_uri;
}
try_files $uri $uri/ /index.php?$query_string;
}
location = /favicon.ico { access_log off; log_not_found off; }
location = /robots.txt { access_log off; log_not_found off; }
error_page 404 /index.php;
location ~ \.php$ {
fastcgi_pass unix:/run/php/php8.2-fpm.sock;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
include fastcgi_params;
}
ssl_certificate /etc/letsencrypt/live/sites/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem; # managed by Certbot
}
关于计划条件:
if ($scheme ="http")
{
# redirect all non api traffic to https block
return 301 https://$server_name$request_uri;
}
它在一个端口 443 https 上重定向的核心强制 http 到 https