我对这件事很感兴趣,因此我要求你们在这件事上和我一起袒护。 相信我,我通常不会发问,直到我真正花了几个小时在一个问题上没有任何结果。
请原谅,如果我不熟悉服务器术语。 我会尽我所能来解释手头的情况。
所以这是事情。 我从一个nginx服务器为我的网站提供服务,并在服务器上安装了letsencrypt ssl证书。
我也在网上研究如何使redirect工作,因为我只希望https://www.example.com出现以下条目:
它redirect了前4个,但不是最后一个,我不明白为什么。 它只是显示为https://example.com
这是我在过去几个小时一直在讨论的文件。 我在这里和那里改变了一些代码来获得我现在所处的状态(这比之前我认为的要好)。 所以如果你认为有些事情是closures的,那很可能是,我正在寻找正确的解决scheme。
[/etc/nginx/sites-enabled/example.com]
server { server_name example.com; return 301 $scheme://www.example.com$request_uri; } server { listen 80 default_server; listen [::]:80 default_server; # SSL configuration # listen 443 ssl default_server; listen [::]:443 ssl default_server; # # Note: You should disable gzip for SSL traffic. # See: https://bugs.debian.org/773332 # # Read up on ssl_ciphers to ensure a secure configuration. # See: https://bugs.debian.org/765782 # # Self signed certs generated by the ssl-cert package # Don't use them in a production server! # # include snippets/snakeoil.conf; root /var/www/example.com/html; # Add index.php to the list if you are using PHP index index.html index.htm index.nginx-debian.html; server_name example.com; location / { # First attempt to serve request as file, then # as directory, then fall back to displaying a 404. try_files $uri $uri/ =404; } location /fonts { add_header "Access-Control-Allow-Origin" *; alias /var/www/example.com/fonts; } # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000 # #location ~ \.php$ { # include snippets/fastcgi-php.conf; # # # With php7.0-cgi alone: # fastcgi_pass 127.0.0.1:9000; # # With php7.0-fpm: # fastcgi_pass unix:/run/php/php7.0-fpm.sock; #} # deny access to .htaccess files, if Apache's document root # concurs with nginx's one # #location ~ /\.ht { # deny all; #} #listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot if ($scheme != "https") { return 301 https://www.example.com$request_uri; } # managed by Certbot # Redirect non-https traffic to https # if ($scheme != "https") { # return 301 https://$host$request_uri; # } # managed by Certbot } # Virtual Host configuration for example.com # # You can move that to a different file under sites-available/ and symlink that # to sites-enabled/ to enable it. # #server { # listen 80; # listen [::]:80; # # server_name example.com; # # root /var/www/example.com; # index index.html; # # location / { # try_files $uri $uri/ =404; # } #} 此外,这里是curl命令进一步支持:
curl -I example.com HTTP/1.1 301 Moved Permanently Server: nginx/1.10.3 (Ubuntu) Date: Wed, 25 Oct 2017 18:29:36 GMT Content-Type: text/html Content-Length: 194 Connection: keep-alive Location: http://www.example.com/ curl -I www.example.com HTTP/1.1 301 Moved Permanently Server: nginx/1.10.3 (Ubuntu) Date: Wed, 25 Oct 2017 18:56:04 GMT Content-Type: text/html Content-Length: 194 Connection: keep-alive Location: https://www.example.com/ curl -I http://example.com HTTP/1.1 301 Moved Permanently Server: nginx/1.10.3 (Ubuntu) Date: Wed, 25 Oct 2017 18:29:43 GMT Content-Type: text/html Content-Length: 194 Connection: keep-alive Location: http://www.example.com/ curl -I http://www.example.com HTTP/1.1 301 Moved Permanently Server: nginx/1.10.3 (Ubuntu) Date: Wed, 25 Oct 2017 18:29:49 GMT Content-Type: text/html Content-Length: 194 Connection: keep-alive Location: https://www.example.com/ curl -I https://www.example.com HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Wed, 25 Oct 2017 18:59:15 GMT Content-Type: text/html Content-Length: 8205 Last-Modified: Wed, 25 Oct 2017 06:04:46 GMT Connection: keep-alive ETag: "59f0297e-200d" Accept-Ranges: bytes curl -I https://example.com HTTP/1.1 200 OK Server: nginx/1.10.3 (Ubuntu) Date: Wed, 25 Oct 2017 18:59:51 GMT Content-Type: text/html Content-Length: 8205 Last-Modified: Wed, 25 Oct 2017 06:04:46 GMT Connection: keep-alive ETag: "59f0297e-200d" Accept-Ranges: bytes
如果你需要在我的Alogging上input一些信息,我也可以看到一些答案也可以查看,有2条logging: