我有一个由nginx服务的Rails应用程序。 我用这个conf在所有路由上启用了ssl:
server { listen [::]:80; listen 80; server_name domain.com; access_log /var/log/nginx/domain-access.log; error_log /var/log/nginx/domain-error.log; return 301 https://$host:443$request_uri; } server { listen [::]:443 ssl spdy; listen 443 ssl spdy; server_name domain.com; access_log /var/log/nginx/domain-access.log; error_log /var/log/nginx/domain-error.log; ssl_certificate /home/dokku/domain/tls/server.crt; ssl_certificate_key /home/dokku/domain/tls/server.key; keepalive_timeout 70; add_header Alternate-Protocol 443:npn-spdy/2; location / { gzip on; gzip_min_length 1100; gzip_buffers 4 32k; gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xm$ gzip_vary on; gzip_comp_level 6; proxy_pass http://domain; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection upgrade; proxy_set_header Host $http_host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-For $remote_addr; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Request-Start $msec; } include /home/dokku/domain/nginx.conf.d/*.conf; } 我想在某些路由上允许(但不强制)非ssl连接,如下所示:
domain.com => enforce ssl domain.com/l/* => allow non-ssl domain.com/* => enforce ssl
我如何完成这个我的conf以上?
谢谢!