nginx 上的 http 到 https 重定向

问题描述 投票:0回答:3

我有一个网站在 Amazon ELB 后面的 EC2 机器上运行。
我已经在 ELB 上配置了 SSL,因此它可以为我处理 http 和 https。 https 上的所有请求都完美运行。但我想强制(重定向)http 请求到https。由于某种原因,它不起作用

我在 nginx 中添加了重定向规则,但每当我启用该规则时,nginx 服务器就会停止响应。

server {
listen 80;
server_name domain1.com;
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;

access_log /var/log/nginx/domain1.access.log;

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass    http://127.0.0.1:4000/;
   ###  Redirect http to https ####
   if ($http_x_forwarded_proto != "https") {
    rewrite ^(.*)$ https://$server_name$1 permanent;
   }
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
}
}

以下是负载均衡器的配置: Amazon ELB Config

请帮助我配置哪里出了问题。 短暂性脑缺血发作。

nginx amazon-ec2 amazon-elb
3个回答
0
投票

尝试以下操作:

server {
    listen 80;
    listen [::]:80;
    server_name domain1.com;
    return 301 https://$host$request_uri;
}
0
投票

我提出这个代码。在我的 VPS 上进行测试,但不在 Amazon ELB 上进行测试

server {
server_name example.com www.example.com;
        listen 80;
        return 301 https://example.com$request_uri;
}
server {
server_name example.com;
        root /home/user/www/example/;
        include global.conf;
        include php.conf;
        include ssl.conf;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

}
server{
server_name www.example.com;
        include ssl.conf;
        return 301 https://example.com$request_uri;
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
}

文件 ssl.conf 包含:

listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AES$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
0
投票

示例脚本 nginx :

server 
{

        listen 443 default ssl;
        listen [::]:443 ssl;
        root /var/www/html/api_mobile/public;

        include snippets/ssl-params.conf;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        index index.html index.php index.htm index.nginx-debian.html;

        server_name sitename.com;

        charset utf-8;
        location / {
             if ($scheme ="http") {
                # redirect all non api traffic to https block
                return 301 https://$server_name$request_uri;
             }           

            try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }


        error_page 404 /index.php;
        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php8.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            include fastcgi_params;
        }

    ssl_certificate /etc/letsencrypt/live/sites/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem; # managed by Certbot
}

关于计划条件:

if ($scheme ="http") 
{
                # redirect all non api traffic to https block
                return 301 https://$server_name$request_uri;
}

它在一个端口 443 https 上重定向的核心强制 http 到 https

最新问题
© www.soinside.com 2019 - 2024. All rights reserved.