似乎有很多问题和指导,指示如何设置nginxredirecthttp请求到https。 许多已经过时了,或者只是错了。
# MANAGED BY PUPPET upstream gitlab { server unix:/home/git/gitlab/tmp/sockets/gitlab.socket; } # setup server with or without https depending on gitlab::gitlab_ssl variable server { listen *:80; server_name gitlab.localdomain; server_tokens off; root /nowhere; rewrite ^ https://$server_name$request_uri permanent; } server { listen *:443 ssl default_server; server_name gitlab.localdomain; server_tokens off; root /home/git/gitlab/public; ssl on; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AES:HIGH:!ADH:!MDF; ssl_prefer_server_ciphers on; # individual nginx logs for this gitlab vhost access_log /var/log/nginx/gitlab_access.log; error_log /var/log/nginx/gitlab_error.log; location / { # serve static files from defined root folder;. # @gitlab is a named location for the upstream fallback, see below try_files $uri $uri/index.html $uri.html @gitlab; } # if a file, which is not found in the root folder is requested, # then the proxy pass the request to the upsteam (gitlab puma) location @gitlab { proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694 proxy_redirect off; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header Host $http_host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://gitlab; } } 我在每次configuration更改后都重新启动,但在访问http://192.168.33.10时,我仍然只能看到“Welcome to nginx”页面。 而https://192.168.33.10完美。
为什么nginx仍然不会将http请求redirect到https?
我也尝试了以下configuration
listen *:80; server_name <%= @fqdn %>; #root /nowhere; #rewrite ^ https://$server_name$request_uri? permanent; #rewrite ^ https://$server_name$request_uri permanent; #return 301 https://$server_name$request_uri; #return 301 http://$server_name$request_uri; #return 301 http://192.168.33.10$request_uri; return 301 http://$host$request_uri;
日志
tailf /var/log/nginx/access.log 192.168.33.1 - - [22/Oct/2013:03:41:39 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0" 192.168.33.1 - - [22/Oct/2013:03:44:43 +0000] "GET / HTTP/1.1" 200 133 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0" tailf /var/log/nginx/gitlab_error.lob 2013/10/22 02:29:14 [crit] 27226#0: *1 connect() to unix:/home/git/gitlab/tmp/sockets/gitlab.socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.33.1, server: gitlab.localdomain, request: "GET / HTTP/1.1", upstream: "http://unix:/home/git/gitlab/tmp/sockets/gitlab.socket:/", host: "192.168.33.10"
资源
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
如何使nginxredirect
如何强制或redirect到Nginx的SSL?
nginx sslredirect
Nginx&Httpsredirect
https://www.tinywp.in/301-redirect-wordpress/
如何强制或redirect到Nginx的SSL?
我已经确定了这个问题。
我在/ etc / hosts中有一个input错误的configuration
127.0.0.1 gitlab.localdomain gitlab
只要我将其更改为以下,httpsredirect开始工作
192.168.33.10 gitlab.localdomain gitlab
所以最后,这是工作语法。
server { listen 80; server_name gitlab.localdomain; server_tokens off; return 301 https://$host$request_uri; } server { listen 443 ssl default_server; server_name gitlab.localdomain; server_tokens off; root /home/git/gitlab/public; ssl on; ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem; ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key; ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers AES:HIGH:!ADH:!MDF; ssl_prefer_server_ciphers on; …
注意
redirect仅在按名称调用url时起作用,如果导航到ip,则不会redirect。
2件事情如何确保http-to-httpsredirect
在您的HTTPS – 部分中,启用HSTS-Header _>这将确保您的浏览器仅以HTTPS发送未来请求
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
在你的http部分:你可以return 301 https://$server_name$request_uri; (最快的方法)或重写(较慢)
server { listen 80; server_name _; server_tokens off; return 301 https://$host$request_uri;
}