我在Ubuntu 14.04上安装了最新的nginx版本。 我主持了几个网站,无论是有和没有SSL。 我的问题是,每次尝试在非SSL主机上设置新网站时,当我尝试访问该主机时,nginx都会redirect到同一主机的SSL版本(即使SSL没有服务器块对于特定的主机),并从同一台服务器上的随机Web应用程序呈现内容,同样触发SSL证书不匹配。
任何想法可能是错的?
下面是我尝试设置的非SSL主机的nginx conf:
server { listen 80; listen [::]:80; server_name some.domain.eu; root /usr/share/nginx/some.domain.eu/html; index index.php index.html index.htm; error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # pass the PHP scripts to FastCGI server listening on the php-fpm socket location ~ \.php$ { try_files $uri @missing; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location / { try_files $uri $uri/ /index.php$is_args$args; } } 以下是some.domain.eu呈现来自以下内容的一个SSL的conf:
server { listen 80; server_name some.ssl.domain.com www.some.ssl.domain.com; rewrite ^ https://$server_name$request_uri? permanent; } server { listen 443 ssl http2; server_name some.ssl.domain.com www.some.ssl.domain.com; root /usr/share/nginx/some.ssl.domain.com/html; index index.php index.html index.htm; include /etc/nginx/snippets/ssl-params.conf; include /etc/nginx/snippets/ssl-some.ssl.domain.com.conf; location / { try_files $uri $uri/ /index.php?$args; } location ~ /.well-known { allow all; } error_page 404 /404.html; error_page 500 502 503 504 /50x.html; location = /50x.html { root /usr/share/nginx/html; } # pass the PHP scripts to FastCGI server listening on the php-fpm socket location ~ \.php$ { try_files $uri @missing; fastcgi_pass unix:/var/run/php5-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location @missing { rewrite ^ $scheme://$host/index.php permanent; } location ~* \.(jpg|jpeg|png|gif|ico|css|js)$ { expires 365d; } }
而我的nginx.conf:
user www-data; worker_processes auto; pid /run/nginx.pid; #server_tokens off; events { worker_connections 768; # multi_accept on; } http { ## # Basic Settings ## sendfile on; tcp_nopush on; tcp_nodelay on; keepalive_timeout 65; types_hash_max_size 2048; client_max_body_size 1000M; # server_tokens off; # server_names_hash_bucket_size 64; # server_name_in_redirect off; include /etc/nginx/mime.types; default_type application/octet-stream; ## # SSL Settings ## ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE ssl_prefer_server_ciphers on; ## # Logging Settings ## access_log /var/log/nginx/access.log; error_log /var/log/nginx/error.log; ## # Gzip Settings ## gzip on; gzip_disable "msie6"; gzip_vary on; # gzip_proxied any; # gzip_comp_level 6; # gzip_buffers 16 8k; # gzip_http_version 1.1; # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript; gzip_comp_level 6; gzip_min_length 1100; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/xml+rss; ## # Virtual Host Configs ## include /etc/nginx/conf.d/*.conf; include /etc/nginx/sites-enabled/*; server_tokens off; # config to don't allow the browser to render the page inside an frame or iframe # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking # if you need to allow [i]frames, you can use SAMEORIGIN or even set an uri with ALLOW-FROM uri # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options add_header X-Frame-Options SAMEORIGIN; # when serving user-supplied content, include a X-Content-Type-Options: nosniff header along with the Content-Type: header, # to disable content-type sniffing on some browsers. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers # currently suppoorted in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020 add_header X-Content-Type-Options nosniff; # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers. # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for # this particular website if it was disabled by the user. # https://www.owasp.org/index.php/List_of_useful_HTTP_headers add_header X-XSS-Protection "1; mode=block"; }
我怀疑Nginx是显示在IP的默认服务器上的网站,这将显得有些随机。 想到两个可能的解决scheme。
1,为该网站设置https并转发给http,这很容易。 您可以使用Let's Encrypt免费的证书。
2,在https上设置一个默认服务器并返回一个错误码。 这将需要在一个域和标记default_server。 我只在http上执行此操作,因为我的所有网站都有https。 这个问题已经涵盖了这个问题 。
像大多数时候一样,答案是简单的东西。 我的设置的问题是由于缺lesssites-enabled的symlink引起的…
当然,我也需要解决http和https的默认服务器。
如果你在Hostinger上,你可能想把它添加到wp-config.php(如果WordPress)或者index.php(如果有的话):
$_SERVER['REQUEST_SCHEME'] = 'http'; $_SERVER['SERVER_PORT'] = '80';
它解决了我的随机httpsredirect,我希望它可以帮助别人!