Tho*_* V. 30 ssl nginx https ssl-certificate
尝试将https://example.com重定向到https://www.example.com时出错。
当我转到https://example.com 时,它不会重定向并返回 page/200 状态。
我不想要这个,我想让它重定向到https://www.example.com。
当我去http://example.com 时,它重定向到https://www.example.com
有人能告诉我我哪里出错了吗?
这是我的默认和默认 ssl 配置文件:
默认配置文件
server {
listen 80;
server_name example.com;
return 301 https://www.example.com$request_uri;
}
默认 ssl.conf
upstream app_server_ssl {
server unix:/tmp/unicorn.sock fail_timeout=0;
}
server {
server_name example.com;
return 301 https://www.example.com$request_uri
}
server {
server_name www.example.com;
listen 443;
root /home/app/myproject/current/public;
index index.html index.htm;
error_log /srv/www/example.com/logs/error.log info;
access_log /srv/www/example.com/logs/access.log combined;
ssl on;
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_certificate /srv/www/example.com/keys/ssl.crt;
ssl_certificate_key /srv/www/example.com/keys/www.example.com.key;
ssl_ciphers AES128-SHA:RC4-MD5:ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:RSA+3DES:!ADH:!AECDH:!MD5:AES128-SHA;
ssl_prefer_server_ciphers on;
client_max_body_size 20M;
try_files $uri/index.html $uri.html $uri @app;
# CVE-2013-2028 http://mailman.nginx.org/pipermail/nginx-announce/2013/000112.html
if ($http_transfer_encoding ~* chunked) {
return 444;
}
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://app_server_ssl;
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /home/app/example/current/public;
}
}
mas*_*oeh 39
您listen在 file中缺少指令default-ssl.conf。添加listen 443;此指令
server {
server_name example.com;
return 301 https://www.example.com$request_uri;
}
默认情况下,如果您省略此指令,nginx 假定您要侦听端口 80。这里是此默认行为的文档。
编辑:感谢@TeroKilkanen 的评论。
这里是您的 default-ssl.conf 的完整配置
server {
listen 443 ssl;
server_name example.com;
ssl_certificate /srv/www/example.com/keys/ssl.crt;
ssl_certificate_key /srv/www/example.com/keys/www.example.com.key;
return 301 https://www.example.com$request_uri;
}
旁注:您可以将ssl on;指令替换listen 443 ssl;为nginx 文档中的建议。
小智 8
只需添加一个 if 语句,您就可以开始了。我检查了 curl.exe -I 中的结果,除https://www.example.com之外的所有情况都被视为301。SSL很棘手,因为它会在您获得 301 URL 重定向之前进行检查。因此,您会收到证书错误。
就个人而言,我喜欢从域中删除 www,但我在下面编写了代码来回答您的问题。
server {
listen 443 ssl;
listen [::]:443 ssl; # IPV6
server_name example.com www.example.com; # List all variations here
# If the domain is https://example.com, lets fix it!
if ($host = 'example.com') {
return 301 https://www.example.com$request_uri;
}
# If the domain is https://www.example.com, it's OK! No changes necessary!
... # SSL .pem stuff
...
}
server {
listen 80;
listen [::]:80;
# If the domain is http://example.com or http://www.example.com, then let's change it to https!
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
| 归档时间: |
|
| 查看次数: |
53681 次 |
| 最近记录: |