对不起,conf文件。 我一直在尝试一切,所以变得一团糟。 我想启用SSL并将所有stream量redirect到https。 目前,使用下面的conf文件,我可以导航到HTTP没有问题。 HTTPS只是redirect回HTTP。 如果我取消注释第5行,那么浏览器只是说太多的redirect。 任何帮助表示赞赏。
更新:基于下面的评论,我更新了conf文件。 同样的问题。 我添加返回301分钟我得到太多的redirect错误。
# Redirect all variations to https://www domain server { listen 80; server_name name.com www.name.com; # return 301 https://www.name.com$request_uri; } server { listen 443 ssl; server_name name.com; ssl_certificate /etc/letsencrypt/live/name.com/fullchain.pem; ssl_certificate_key /etc/letsencrypt/live/name.com/privkey.pem; # Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; # This is a cache for SSL connections ssl_session_cache shared:SSL:2m; ssl_session_timeout 60m; #return 301 https://www.name.com$request_uri; } 您需要两个服务器块redirect(如下所示),然后您的主块为实际请求提供服务(不包括在下面,因为它取决于您的应用程序/使用情况)。
# Redirect all variations to https://www domain server { listen 80; access_log /var/log/nginx/example.access.log main buffer=128k flush=60 if=$log_ua; server_name example.com www.example.com; return 301 https://www.example.com$request_uri; } server { listen 443 ssl http2; server_name example.com; ssl_certificate /var/lib/acme/certs/xx/fullchain; ssl_certificate_key /var/lib/acme/certs/xx/privkey; access_log /var/log/nginx/example.access.log main buffer=128k flush=60 if=$log_ua; # Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2 ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5; # This is a cache for SSL connections ssl_session_cache shared:SSL:2m; ssl_session_timeout 60m; return 301 https://www.example.com$request_uri; }