我的docker堆栈有以下nginx配置。
worker_processes auto;
events {
worker_connections 65000;
}
http {
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
upstream api {
server api:3000;
}
upstream app {
server app:8000;
}
server {
listen 443 ssl;
server_name api.atimu.com;
ssl_certificate /etc/letsencrypt/live/api.atimu.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.atimu.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
large_client_header_buffers 4 32k;
gzip on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://api;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
server_name app.atimu.com;
ssl_certificate /etc/letsencrypt/live/app.atimu.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.atimu.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
large_client_header_buffers 4 32k;
gzip on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://app;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name api.atimu.com;
return 301 https://api.atimu.com$request_uri;
}
server {
listen 80;
server_name app.atimu.com;
return 301 https://app.atimu.com$request_uri;
}
}
除了重定向部分外,一切都正常应用在https上打开,但在HTTP上不打开(重定向到https(。我只想(而不是API(http://app.atimu.com重定向到https://app.atimu.com。我做错了什么?
更新:
- 为应用程序添加了重定向块
- 已删除应用SSL配置的端口80
- 为api添加了重定向块
- 删除了api SSL配置的端口80
结果:
- 能够使用https访问应用程序和API
- 仍然HTTP未重定向到https
您的nginx配置似乎不完整,请在nginx文件中添加以下块,然后重新启动Web服务器。
server {
if ($host = app.atimu.com) {
return 301 https://$host$request_uri;
}
listen 80;
server_name app.atimu.com;
return 404;
}
此外,我想知道您是否使用以下命令颁发了ssl证书,该命令会自动为您的域创建ssl块,将HTTP请求重定向到HTTPS:
sudo certbot --nginx -d app.atimu.com
以下步骤(由@RichardSmith建议(为我解决了问题。
- 为HTTP到https编写特定站点重定向规则或通用重定向规则
server {
listen 80;
server_name api.atimu.com;
return 301 https://api.atimu.com$request_uri;
}
server {
listen 80;
server_name app.atimu.com;
return 301 https://app.atimu.com$request_uri;
}
或
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
- 从SSL配置块中删除HTTP端口侦听器
server {
# liten 80; Remove this line
listen 443 ssl;
server_name app.atimu.com;
ssl_certificate /etc/letsencrypt/live/app.atimu.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.atimu.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
large_client_header_buffers 4 32k;
gzip on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://app;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
- 重新启动nginx,在我的情况下,它是码头化的,所以我只需要重新启动堆栈
- 清除浏览器缓存这很重要,即使在完成上述步骤后,它在我的浏览器中也不起作用,因为以前的配置是缓存的