这是一种罕见的情况:
我们正在使用nginx version: nginx/1.10.3 (Ubuntu)
在我们的网站上,以下重定向正在工作:
http://example.net -> https://www.example.net [WORKING]
https://example.net -> https://www.example.net [WORKING]
但是,此重定向根本不起作用:
http://www.example.net -> https://www.example.net [NOT WORKING]
这是我们的配置:
server {
listen 80;
listen [::]:80;
server_name www.example.net;
return 301 https://www.example.net$request_uri;
}
server {
listen 80;
listen [::]:80;
server_name _;
return 301 https://www.example.net$request_uri;
}
server {
listen 443;
listen [::]:443;
server_name example.net;
return 301 https://www.example.net$request_uri;
}
server {
listen 443 default_server ssl http2;
listen [::]:443 default_server ssl http2;
server_name www.example.net;
server_tokens off;
more_set_headers 'Server: EMET';
ssl on;
ssl_certificate /etc/letsencrypt/live/example.net/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.net/privkey.pem;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ecdh_curve secp384r1;
ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA512:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:ECDH+AESGCM:ECDH+AES256:DH+AESGCM:DH+AES256:!RS$
ssl_session_cache shared:TLS:2m;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always;
add_header X-Frame-Options DENY;
add_header X-XSS-Protection "1; mode=block";
root /var/www/html/public;
index index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
location ~ .php$ {
try_files $uri /index.php =404;
fastcgi_split_path_info ^(.+.php)(/.+)$;
fastcgi_pass unix:/var/run/php/php7.1-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
事实上,我们确实curl -sv http://www.example.net
它似乎击中了https服务器块。我知道这一点,因为正如您在上面的配置中看到的那样,在nginx中,我仅为 https://www.example.net 域配置了带有字符串" EMET"的服务器标头。但是,当我curl -sv http://www.example.net
字符串出现在服务器的答案中时。
curl -sv http://www.example.net/
* Trying 54.85.198.227...
* TCP_NODELAY set
* Connected to www.example.net (54.85.198.227) port 80 (#0)
> GET / HTTP/1.1
> Host: www.example.net
> User-Agent: curl/7.54.0
> Accept: */*
>
< HTTP/1.1 200 OK
< Date: Thu, 19 Apr 2018 19:50:31 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: no-cache, private
< Server: EMET
< Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
< X-Frame-Options: DENY
< X-XSS-Protection: 1; mode=block
我真的很感激你的帮助。
此致敬意
经过几天的测试,我找到了解决此问题的简单方法:
- 我配置了亚马逊 ELB
- 使用重定向 HTTP -> HTTPS 设置云前端分配
- 更新了域的 Route53 DNS 条目。
- 一切都运行良好,现在来自
http://www.example.net -> https://www.example.net
的重定向与其他重定向一样没有任何问题。