我一直在寻找相当长的这一个,但我似乎没有看到作品的权利 – 也许我不是在寻找正确的事情。 无论如何,我们有一个www.example.com和一个secure.example.com。 我能够成功地将不安全的请求redirect到安全子域上的SSL,但我在将www子域上的安全请求redirect到安全子域时遇到问题。 以下是我的nginx.conf – 任何人都可以帮我一把吗? 谢谢!
worker_processes 4; error_log /var/log/nginx/error.log; events { worker_connections 4096; } http { include mime.types; default_type application/octet-stream; sendfile on; keepalive_timeout 65; gzip on; gzip_static on; gzip_min_length 1000; gzip_proxied expired no-cache no-store private auth; gzip_types text/plain application/xml; gzip_disable "MSIE [1-6]\."; gzip_vary on; upstream example { server unix:/home/deploy/tmp/sockets/unicorn.sock; } server { listen 443; server_name www.example.com; rewrite ^ https://secure.example.com$request_uri? permanent; } server { listen 80; server_name www.example.com; location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|swf|haml|ttf|eot|woff|svg)$ { root /home/deploy/example/current/public; expires max; access_log off; } location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto http; proxy_set_header Host $http_host; proxy_redirect off; client_max_body_size 25M; error_page 500 501 502 503 504 /temporarily_down.html; proxy_pass http://example; } location /temporarily_down.html { root /home/deploy/example/current/public; } } server { listen 443 default_server ssl; server_name secure.example.com; ssl on; ssl_certificate /etc/ssl/staging_combined.crt; ssl_certificate_key /etc/ssl/staging.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; ssl_prefer_server_ciphers on; if ($ssl_protocol = "") { rewrite ^ https://$server_name$request_uri? permanent; } location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|swf|haml|ttf|eot|woff|svg)$ { root /home/deploy/example/current/public; expires max; access_log off; } location / { proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto https; proxy_set_header Host $http_host; proxy_redirect off; error_page 500 501 502 503 504 /temporarily_down.html; client_max_body_size 25M; proxy_pass http://example; } location /temporarily_down.html { root /home/deploy/example/current/public; } } } 有同样的问题 – 只要确保443redirect服务器块有“ssl on”。
所以在你的例子中
server { listen 443; server_name www.example.com; ssl on; ssl_certificate /etc/ssl/staging_combined.crt; ssl_certificate_key /etc/ssl/staging.key; ssl_session_timeout 5m; ssl_protocols SSLv3 TLSv1; ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH; ssl_prefer_server_ciphers on; rewrite ^ https://secure.example.com$request_uri? permanent; }