服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Nginx不会从HTTPredirect到HTTPS
Intereting Posts
vCenter如何将ESXi主机连接更改为来宾虚拟机? DNS服务器权限 Subversion版本库大小和备份文件的区别 Linode发行(如何select?)64bit? 自动监测英特尔matrix/快速存储技术RAIDarrays 何encryption部分configuration数据文件? SQL Server 2008 R2企业数据库具有意外的4GB数据库大小限制 拿着导航的SquidGuard sudo问我密码 无法在Internet Explorer中连接 我应该将Node.js移动到单独的服务器,还是将它与LNMP一起托pipe? IIS ARR传递Windows身份validation不起作用 EAP-TLS:共享客户端证书时可能会窃听吗? 是否有与CentOS的MySecureShell相当的function? Nginx – 用proxy_pass在错误页面中的空响应

Nginx不会从HTTPredirect到HTTPS

我的架构设置是在NodeJS的CentOS上运行的SSO服务,端口10102和10142,我需要所有端口80的请求redirect到443外部和内部我上游一切到NodeJS的上述端口,这里是我的configuration: 

upstream sso1 { server localhost:10102; server localhost:10142; } server { listen [::]:80; listen 443 ssl; server_name www.site.business site.business; ssl_certificate /etc/nginx/cert.crt; ssl_certificate_key /etc/nginx/cert.key; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; if ($scheme = http) { return 301 https://$server_name$request_uri; } location / { proxy_pass http://sso1; proxy_read_timeout 90; proxy_redirect http://sso1 https://www.site.business; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; } }

但无论我做什么,该网站仍然可以通过HTTP和HTTPS都可用。

任何想法为什么Nginx忽略我? 我实际上已经尝试了不同的configuration,其中一个是捕获所有端口80的请求,301redirect它们: 

 upstream sso1 { server localhost:10102; server localhost:10142; } server { listen [::]:80; server_name www.site.business site.business; return 301 https://$server_name$request_uri; } server { listen 443; server_name www.site.business site.business; ssl_certificate /etc/nginx/cert.crt; ssl_certificate_key /etc/nginx/cert.key; ssl on; ssl_session_cache builtin:1000 shared:SSL:10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4; ssl_prefer_server_ciphers on; location / { proxy_pass http://sso1; proxy_read_timeout 90; proxy_redirect http://sso1 https://www.site.business; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Host $server_name; } }

在您的顶级configuration中,您已经告诉它在80和443上进行监听。假设您希望网站仅在www子域上的https上进行回复,以下是configuration的重要部分。

另一个关键是你可能不得不为缺省域设置一个侦听器,这个缺省域服务于任何命中服务器的请求。 

 // Listen for requests for the main website server { server_name www.example.com; listen 443 ssl http2; // https optional, need to build Nginx with correct module ssl_certificatefullchain; ssl_certificate_key privkey; // locations etc } // Forward http requests for domain and www subdomain to main server { listen 80; server_name example.com www.example.com; return 301 https://www.example.com$request_uri; } // Forward https requests for root domain to main server { listen 443 ssl; server_name example.com; ssl_certificatefullchain; ssl_certificate_key privkey; return 301 https://www.example.com$request_uri; }

我有这个configuration来处理默认 

 # This just prevents Nginx picking a random default server if it doesn't know which server block to send a request to server { listen 80 default_server; server_name _; return 444; # This means "go away", effectively }

我有一个很大的教程和示例configuration文件可在这里 。