服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Nginx将所有位置块redirect到除1之外的https
Intereting Posts
无法删除Ubuntu中的RubyGem 你如何去除清漆? Mod_Rewrite配方 如何在login时加载encryption卷(Ubuntu 12.04,pam_mount) 服务器监控 Exchange 2007对共享帐户的只读权限 Hyper-V私人连接 apache基准testing有多准确? 最好为SAN服务器select8 x 2.5“或4 x 3.5”HDD? KVM和bridge_stp设置 什么是最快和最可靠的方式传输大量的文件? 改变默认的MySQL系统优先级是一个好主意吗? 无法通过IPv6连接到filezilla服务器 Windows 7 – 远程桌面 – 保存证书…它保存不正确的用户名 如何在Solaris 8中禁用finger服务

Nginx将所有位置块redirect到除1之外的https

我有一个nginxconfiguration,一切都强制为https。 我想添加一个位置块通过http服务。 我得到一个“太多redirect”与我目前的configuration。

这是configuration 

# HTTP server { listen 80 default_server; listen [::]:80 default_server ipv6only=on; server_name example.com; # redirect non-SSL to SSL location / { return 301 https://$server_name$request_uri; } location /blog { rewrite ^/blog/(.*)$ /$1 break; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $host; proxy_pass http://remote-ip; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } } #HTTPS server server{ listen 443 ssl spdy; server_name example.com; ssl_certificate /path/to/pem/file/fullchain.pem; ssl_certificate_key /path/to/private/key/privkey.pem; # performance enhancement for SSL ssl_stapling on; ssl_session_cache shared:SSL:10m; ssl_session_timeout 5m; # safety enhancement to SSL: make sure we actually use a safe cipher ssl_prefer_server_ciphers on; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:ECDHE-RSA-RC4-SHA:ECDHE-ECDSA-RC4-SHA:RC4-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK'; # config to enable HSTS(HTTP Strict Transport Security) https://developer.mozilla.org/en-US/docs/Security/HTTP_Strict_Transport_Security # to avoid ssl stripping https://en.wikipedia.org/wiki/SSL_stripping#SSL_stripping add_header Strict-Transport-Security "max-age=31536000;"; # If your application is not compatible with IE <= 10, this will redirect visitors to a page advising a browser update # This works because IE 11 does not present itself as MSIE anymore if ($http_user_agent ~ "MSIE" ) { return 303 https://browser-update.org/update.html; } location /blog { return 301 http://$host$request_uri; } # pass all requests to Meteor location /{ # meteor application config } }

正如你可以在configuration中看到的,所有阻止/blog请求被反向代理到另一台服务器。 我不想在这里执行https

如前所述,如果我去example.com/blog ,我会得到一个“太多的redirect”。 其他位置块正在按预期工作。

你不能这样做,因为你启用HSTS,从而告诉浏览器只能通过HTTPS浏览你的域名。 如果您需要这样做,请删除此行并清除您的浏览器caching: 

 add_header Strict-Transport-Security "max-age=31536000;";