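I have an Nginx server that should redirect all requests from http://www.domain.com, http://domain.com and https://domain.com to https://www.domain.com.
So with or without www, and with or without SSL, I want users to always end up at https://www.domain.com.
After reading the Nginx documentation and researching on Google, this is my current Nginx configuration: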
server {
    listen 80;
    server_name .domain.com;
    return 301 https://www.domain.com$request_uri;
}
server {
    listen 443 ssl;
    server_name .domain.com;
    ssl_certificate /etc/ssl/private/[pem file];
    ssl_certificate_key /etc/ssl/private/[key file];
    ssl_session_timeout 5m;
    ssl_protocols SSLv3 TLSv1;
    ssl_ciphers HIGH:!ADH:!MD5;
    ssl_prefer_server_ciphers on;
    keepalive_timeout 70;
    ###
    ### Deny known crawlers.
    ###
    if ($is_crawler) {
        return 403;
    }
    location / {
        proxy_pass http://nginx_http;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-By $server_addr:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Local-Proxy $scheme;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass_header Set-Cookie;
        proxy_pass_header Cookie;
        proxy_pass_header X-Accel-Expires;
        proxy_pass_header X-Accel-Redirect;
        proxy_pass_header X-This-Proto;
        proxy_connect_timeout 300;
        proxy_send_timeout 300;
        proxy_read_timeout 300;
        proxy_buffer_size 4k;
        proxy_buffers 4 32k;
        proxy_busy_buffers_size 64k;
        proxy_temp_file_write_size 64k;
        access_log off;
        log_not_found off;
    }
}
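What happens is that requests to http://domain.com are correctly redirected to https://www.domain.com, but requests to http://www.domain.com are not redirected (and the site is delivered without SSL).
Update:
Since this is part of a server set up by BOA (Barracuda Octopus Aegir), there are several configuration files in use. This is the nginx.conf that is also loaded: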
# Aegir web server main configuration file
#######################################################
### Nginx.conf main
#######################################################
## FastCGI params
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE ApacheSolaris/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param USER_DEVICE $device;
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param REDIRECT_STATUS 200;
fastcgi_index index.php;
## Default index files
index index.php index.html;
## Size Limits
client_body_buffer_size 64k;
client_header_buffer_size 32k;
client_max_body_size 100m;
large_client_header_buffers 32 32k;
connection_pool_size 256;
request_pool_size 4k;
server_names_hash_bucket_size 512;
server_names_hash_max_size 8192;
types_hash_bucket_size 512;
map_hash_bucket_size 192;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 4k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
## Timeouts
client_body_timeout 60;
client_header_timeout 60;
send_timeout 60;
lingering_time 30;
lingering_timeout 5;
fastcgi_connect_timeout 60;
fastcgi_send_timeout 300;
fastcgi_read_timeout 300;
## Open File Performance
open_file_cache max=8000 inactive=30s;
open_file_cache_valid 60s;
open_file_cache_min_uses 3;
open_file_cache_errors on;
## FastCGI Caching
fastcgi_cache_path /var/lib/nginx/speed
                   levels=2:2:2
                   keys_zone=speed:10m
                   inactive=15m
                   max_size=3g;
## General Options
ignore_invalid_headers on;
limit_conn_zone $binary_remote_addr zone=gulag:10m;
recursive_error_pages on;
reset_timedout_connection on;
fastcgi_intercept_errors on;
server_tokens off;
fastcgi_hide_header 'Link';
fastcgi_hide_header 'X-Generator';
fastcgi_hide_header 'X-Powered-By';
fastcgi_hide_header 'X-Drupal-Cache';
## TCP options moved to /etc/nginx/nginx.conf
## SSL performance
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
## GeoIP support
geoip_country /usr/share/GeoIP/GeoIP.dat;
## Compression
gzip_buffers 16 8k;
gzip_comp_level 5;
gzip_http_version 1.0;
gzip_min_length 10;
gzip_types text/plain text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
gzip_vary on;
gzip_proxied any;
add_header Vary "Accept-Encoding";
gzip_static on;
upload_progress uploads 1m;
## Log Format
log_format main '"$proxy_add_x_forwarded_for" $host [$time_local] '
                '"$request" $status $body_bytes_sent '
                '$request_length $bytes_sent "$http_referer" '
                '"$http_user_agent" $request_time "$gzip_ratio"';
client_body_temp_path /var/lib/nginx/body 1 2;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log crit;
# Extra configuration from modules:
#######################################################
### Nginx default maps
#######################################################
###
### Support separate Boost and Speed Booster caches for various mobile devices.
###
map $http_user_agent $device {
    default normal;
    ~*Nokia|BlackBerry.+MIDP|240x|320x|Palm|NetFront|Symbian|SonyEricsson mobile-other;
    ~*iPhone|iPod|Android|BlackBerry.+AppleWebKit mobile-smart;
    ~*iPad|Tablet mobile-tablet;
}
###
### Set a cache_uid variable for authenticated users (by @brianmercer and @perusio,fixed by @omega8cc).
###
map $http_cookie $cache_uid {
default '';
~SESS[[:alnum:]]+=(?PHP.+src|system\(.+|document\.cookie|\;|\.\. is_denied;
}
#######################################################
### Nginx default server
#######################################################
server {
    limit_conn gulag 32; # like mod_evasive - this allows max 32 simultaneous connections from one IP address
    listen *:80;
    server_name _;
    location / {
        root /var/www/nginx-default;
        index index.html index.htm;
    }
}
#######################################################
### Nginx virtual domains
#######################################################
# virtual hosts
include /var/aegir/config/server_master/nginx/pre.d/*;
include /var/aegir/config/server_master/nginx/platform.d/*;
include /var/aegir/config/server_master/nginx/vhost.d/*;
include /var/aegir/config/server_master/nginx/post.d/*;
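In the directories included at the end, some servers listening on specific subdomains are defined (set up by Aegir). I don't think these affect us.
Update 2:
Thanks to davismwfl and Melvyn for your input. Now it gets interesting: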
server {
    listen 80;
    server_name www.domain.com;
    return 301 https://www.domain.com$request_uri;
}
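When I create a server that should only redirect http://www.domain.com to https://www.domain.com, the request is redirected to https:// .. and then gets stuck in a redirect loop.
If I understand this correctly, then for some reason the server that should listen on port 80 also listens to https requests and tries to redirect the request again.
Do you know why?
Any idea what the problem might be, or why it does what it does?
Thanks a lot, Martin
Best answer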
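So, I do this the other way around. I actually ran into this problem the other day. One thing is that the order does seem to matter, and I really should change the "rewrite" rules to "return 301 ..." but I was lazy and didn't do it, since I was in a bit of a hurry.
Here is a snippet of my configuration: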
#
# Rewrite any http requests for domain.com to https.
#
server {
    listen 80;
    server_name domain.com;
    return 301 https://domain.com$request_uri;
}
#
# Rewrite any http requests for www.domain.com to domain.com
# using SSL
#
server {
    listen 80;
    server_name www.domain.com;
    rewrite ^/(.*) https://domain.com/$1 permanent;
}
#
# The domain.com website
#
server {
    listen 443 ssl;
    server_name domain.com;
    ssl_certificate /etc/nginx/conf.d/[crt];
    ssl_certificate_key /etc/nginx/conf.d/[key];
    # ... Bunches of more stuff goes here.
}
#
# Rewrite any https requests for www.domain.com to domain.com
# Note that this must be after the domain.com declaration.
#
server {
    listen 443;
    server_name www.domain.com;
    rewrite ^/(.*) https://domain.com/$1 permanent;
}
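
The layout the question asks for (everything ends at https://www.domain.com), written with explicit server names and the question's TLS settings replaced by current ones. This is an added example, not the asker's or the answerer's configuration. It assumes the upstream `nginx_http` is a backend separate from this instance's port-80 listener and that no included Aegir vhost declares the same names on port 80; the certificate paths are the question's placeholders.

```nginx
# Added example, not from the question or the answer.
# Assumption: the upstream "nginx_http" is NOT this same port-80 listener;
# otherwise proxied requests would hit the redirect below a second time.

# Plain HTTP, both names: one hop to the canonical HTTPS host.
server {
    listen 80;
    server_name domain.com www.domain.com;
    return 301 https://www.domain.com$request_uri;
}

# HTTPS for the bare name. The TLS handshake completes before the
# redirect is sent, so the certificate must also be valid for domain.com.
server {
    listen 443 ssl;
    server_name domain.com;
    ssl_certificate     /etc/ssl/private/[pem file];
    ssl_certificate_key /etc/ssl/private/[key file];
    ssl_protocols       TLSv1.2 TLSv1.3;
    return 301 https://www.domain.com$request_uri;
}

# Canonical site.
server {
    listen 443 ssl;
    server_name www.domain.com;
    ssl_certificate     /etc/ssl/private/[pem file];
    ssl_certificate_key /etc/ssl/private/[key file];
    # Replaces "SSLv3 TLSv1" from the question: both are deprecated.
    ssl_protocols       TLSv1.2 TLSv1.3;
    # Tell browsers to skip the plain-HTTP hop on later visits.
    add_header Strict-Transport-Security "max-age=31536000" always;

    location / {
        proxy_pass http://nginx_http;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

After reloading, `curl -sI` against each of the four scheme and host combinations should show a single 301 with `Location: https://www.domain.com/...` for the three non-canonical ones and a 200 for the canonical one.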