服务器 Gind.cn
  1. 服务器 Gind.cn
  3. 问题与Nginx SSLconfiguration301 http到https
Intereting Posts
无法将文件夹移动到自身的子目录 – 发生了什么? nginx代理caching不起作用 Print_Server Migration_Server 2012 使用共享计算机和敏感信息的自动login帐户 Logrotate:旋转非日志文件? sftp上传到多个服务器 IIS7 URL重写 如果文件不存在,则RewriteCond跳过规则 pop3caching代理 如何在Unix / Linux系统上从命令行recursionsearch和replace mediawiki和wordpress MU与Nginx不同 sudoers作为另一个用户执行命令 在CentOS 5.X上安装libxml2 2.7.X Java在Solaris服务器上遇到的资源限制是什么? 添加脚本在启动时运行,而不用触及rc.local

问题与Nginx SSLconfiguration301 http到https

我的默认服务器configuration是: 

# redirection http://example.org vers https//example.org # server { server_name example.org; return 301 https://example.org$request_uri; } # redirection http ou https www.example.org vers https ou https example.org # server { listen 80 default_server; listen [::]:80 default_server; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; include snippets/ssl-example.org.conf; include snippets/ssl-params.conf; server_name www.example.org; return 301 $scheme://example.org$request_uri; } #bloc server https://example.org # server { listen 443 ssl http2; listen [::]:443 ssl http2; include snippets/ssl-example.org.conf; include snippets/ssl-params.conf; server_name example.org; root /var/www/html; index index.html index.htm index.nginx-debian.html; location / { try_files $uri $uri/ =404; } location ~/.well-known { allow all; } }

直接访问https://example.org或https://www.example.org是好的

但是当我尝试http访问http://example.org或http://www.example.org ,我得到 

 This page isn't working example.org didn't send any data. ERR_EMPTY_RESPONSE

我curl检查 

 $ curl -Iv http://example.org * Rebuilt URL to: http://example.org/ * Trying 138.197.100.98... * TCP_NODELAY set * Connected to example.org (138.197.100.98) port 80 (#0) > HEAD / HTTP/1.1 > Host: example.org > User-Agent: curl/7.51.0 > Accept: */*

没有301回报

我的ssl-params.conf文件是: 

 # from https://cipherli.st/ # and https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; ssl_stapling on; ssl_stapling_verify on; resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 5s; # Disable preloading HSTS for now. You can use the commented out header line that includes # the "preload" directive if you understand the implications. #add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"; add_header Strict-Transport-Security "max-age=63072000; includeSubdomains"; add_header X-Frame-Options DENY; add_header X-Content-Type-Options nosniff; ssl_dhparam /etc/ssl/certs/dhparam.pem;

我的configuration有什么问题? 注意:我正在使用AVAST反病毒,Chrome版本59.0.3071.115(官方版本)(64位)或Safari版本10.1.1(12603.2.4)..同样的问题

我想你应该在这里添加'听'指令 

 server { server_name example.org; return 301 https://example.org$request_uri; }

在这里用'https'代替'$ scheme'(因为如果$ scheme == http你redirect到http,那么感觉如何?) 

 server { listen 80 default_server; listen [::]:80 default_server; listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; include snippets/ssl-example.org.conf; include snippets/ssl-params.conf; server_name www.example.org; return 301 $scheme://example.org$request_uri; }