小贝子编程

Nginx 重定向 301 非 ssl www 到 ssl www 无法正常工作



这是一种罕见的情况:

我们正在使用nginx version: nginx/1.10.3 (Ubuntu)

在我们的网站上,以下重定向正在工作:

http://example.net -> https://www.example.net [WORKING]
https://example.net -> https://www.example.net [WORKING]

但是,此重定向根本不起作用:

http://www.example.net -> https://www.example.net [NOT WORKING]

这是我们的配置:

server {
    listen  80;
    listen  [::]:80;
    server_name     www.example.net;
    return 301 https://www.example.net$request_uri;
}
server {
    listen 80;
    listen [::]:80;
    server_name    _;
    return         301 https://www.example.net$request_uri;
}
server {
    listen 443;
    listen [::]:443;
    server_name    example.net;
    return         301 https://www.example.net$request_uri;
}
server {
    listen 443 default_server ssl http2;
    listen [::]:443 default_server ssl http2;
    server_name www.example.net;
    server_tokens off;
    more_set_headers 'Server: EMET';
    ssl    on;
    ssl_certificate    /etc/letsencrypt/live/example.net/fullchain.pem;
    ssl_certificate_key   /etc/letsencrypt/live/example.net/privkey.pem;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_prefer_server_ciphers on;
    ssl_ecdh_curve  secp384r1;
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:!RS$
    ssl_session_cache shared:TLS:2m;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8;
    add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
    add_header X-Frame-Options DENY;
    add_header X-XSS-Protection "1; mode=block";
    root /var/www/html/public;
    index index.php;
    location / {
            try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ .php$ {
           try_files $uri /index.php =404;
           fastcgi_split_path_info ^(.+.php)(/.+)$;
           fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
           fastcgi_index index.php;
           fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
           include fastcgi_params;
    }
}

事实上,我们确实curl -sv http://www.example.net它似乎击中了https服务器块。我知道这一点,因为正如您在上面的配置中看到的那样,在nginx中,我仅为 https://www.example.net 域配置了带有字符串" EMET"的服务器标头。但是,当我curl -sv http://www.example.net字符串出现在服务器的答案中时。

curl -sv http://www.example.net/
*   Trying 54.85.198.227...
* TCP_NODELAY set
* Connected to www.example.net (54.85.198.227) port 80 (#0)
> GET / HTTP/1.1
> Host: www.example.net
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 19 Apr 2018 19:50:31 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-cache, private
< Server: EMET
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block

我真的很感激你的帮助。

此致敬意

经过几天的测试,我找到了解决此问题的简单方法:

  1. 我配置了亚马逊 ELB
  2. 使用重定向 HTTP -> HTTPS 设置云前端分配
  3. 更新了域的 Route53 DNS 条目。
  4. 一切都运行良好,现在来自http://www.example.net -> https://www.example.net的重定向与其他重定向一样没有任何问题。

相关内容

最新更新


热门标签:

javascript python java c# php android html jquery c++ css ios sql mysql arrays asp.net json python-3.x ruby-on-rails .net sql-server django objective-c excel regex ruby linux ajax iphone xml vba spring asp.net-mvc database wordpress string postgresql wpf windows xcode bash git oracle list vb.net multithreading eclipse algorithm macos powershell visual-studio image forms numpy scala function api selenium