将http请求重定向到nginx服务器上的https

问题描述 投票:0回答:2

我正在使用 ubuntu 14.04 和 nginx 在数字海洋服务器上运行应用程序。我的应用程序通过 Gunicorn 运行。我想将http请求直接重定向到https。 我试过了

server {
    # Running port
    listen 80;
    server_name example.com www.example.com;

    return 301 https://$host$request_uri;

并且它适用于 Safari。但它在 Chrome 或 Firefox 上不起作用?知道我做错了什么吗? 我在下面附上了整个 nginx.conf 文件

worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;

    sendfile on;

    gzip              on;
    gzip_http_version 1.1;
    gzip_comp_level   5;
    gzip_proxied      any;
    gzip_min_length   256;
    gzip_vary         on;

    # Configuration containing list of application servers
    upstream app_servers {
        server 127.0.0.1:8080;
    }

    # Configuration for Nginx
    server {
        # Running port
        listen 80;
        server_name example.com www.example.com;

        return 301 https://$host$request_uri;

        # Settings to serve static files
        location /static/  {

            # Example:
            # root /full/path/to/application/static/file/dir;
            root /var/www/example/app/;

            location ~*  \.(jpg|woff|jpeg|png|gif|ico|css)$ {
                expires 30d;
            }

            location ~*  \.(js)$ {
                expires 1d;
            }

            # we do not cache html, xml or json
            location ~* \.(?:manifest|appcache|html?|xml|json)$ {
                expires -1;
                # access_log logs/static.log; # I don't usually include a static log
            }

            location ~*  \.(pdf)$ {
                expires 30d;
            }
        }

        # Serve a static file (ex. favico)
        # outside /static directory
        location = /favico.ico  {

            root /app/favico.ico;
            gzip_static on;
        }
    }

    server {
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        # Proxy connections to the application servers
        # app_servers
        location / {
            proxy_connect_timeout 300s;
            proxy_read_timeout 300s;
            proxy_pass         http://app_servers;
            proxy_redirect     off;
            # proxy_redirect http:// https://;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
        }
    }
}
google-chrome firefox nginx safari
2个回答
0
投票

首先,你不应该在 http 上提供任何内容。一切都应该在 https 上,甚至

favico.ico

worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;

    sendfile on;

    gzip              on;
    gzip_http_version 1.1;
    gzip_comp_level   5;
    gzip_proxied      any;
    gzip_min_length   256;
    gzip_vary         on;

    # Configuration containing list of application servers
    upstream app_servers {
        server 127.0.0.1:8080;
    }

    # Configuration for Nginx
    server {
        # Running port
        listen 80;
        server_name example.com www.example.com;

        return 301 https://$host$request_uri;

    }

    server {
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        # Settings to serve static files
        location /static/  {

            # Example:
            # root /full/path/to/application/static/file/dir;
            root /var/www/example/app/;

            location ~*  \.(jpg|woff|jpeg|png|gif|ico|css)$ {
                expires 30d;
            }

            location ~*  \.(js)$ {
                expires 1d;
            }

            # we do not cache html, xml or json
            location ~* \.(?:manifest|appcache|html?|xml|json)$ {
                expires -1;
                # access_log logs/static.log; # I don't usually include a static log
            }

            location ~*  \.(pdf)$ {
                expires 30d;
            }
        }

        # Serve a static file (ex. favico)
        # outside /static directory
        location = /favico.ico  {

            root /app/favico.ico;
            gzip_static on;
        }

        # Proxy connections to the application servers
        # app_servers
        location / {
            proxy_connect_timeout 300s;
            proxy_read_timeout 300s;
            proxy_pass         http://app_servers;
            proxy_redirect     off;
            # proxy_redirect http:// https://;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
        }
    }
}

接下来,当您在 Chrome 或任何其他浏览器中进行测试时,请确保打开“私人”或“隐身”窗口。


0
投票

示例脚本 nginx :

server 
{

        listen 443 default ssl;
        listen [::]:443 ssl;
        root /var/www/html/api_mobile/public;

        include snippets/ssl-params.conf;

        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Content-Type-Options "nosniff";
        index index.html index.php index.htm index.nginx-debian.html;

        server_name sitename.com;

        charset utf-8;
        location / {
             if ($scheme ="http") {
                # redirect all non api traffic to https block
                return 301 https://$server_name$request_uri;
             }           

            try_files $uri $uri/ /index.php?$query_string;
        }

        location = /favicon.ico { access_log off; log_not_found off; }
        location = /robots.txt  { access_log off; log_not_found off; }


        error_page 404 /index.php;
        location ~ \.php$ {
            fastcgi_pass unix:/run/php/php8.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
            include fastcgi_params;
        }

    ssl_certificate /etc/letsencrypt/live/sites/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/site/privkey.pem; # managed by Certbot
}

关于计划条件:

if ($scheme ="http") 
{
                # redirect all non api traffic to https block
                return 301 https://$server_name$request_uri;
}   

它在一个端口 443 https 上重定向的核心强制 http 到 https

© www.soinside.com 2019 - 2024. All rights reserved.