我需要保持域的根严格运行非SSL,但允许子文件夹使用SSL。 我从当前configuration采取从https://stackoverflow.com/questions/12398514/nginx-https-when-only-matching-admin-subfolder
当我实现这个时,我得到了域的根和需要SSL的子文件夹的404:
server { listen 80; server_name DOMAIN.com www.DOMAIN.com; access_log /home/nginx/domains/DOMAIN.com/log/access.log combined; error_log /home/nginx/domains/DOMAIN.com/log/error.log; location /members { return 301 https://$server_name$request_uri; } location / { root /home/nginx/domains/DOMAIN.com/public; # block common exploits, sql injections etc # include /usr/local/nginx/conf/block.conf; # Enables directory listings when index file not found autoindex on; try_files $uri $uri/ /index.php?$args; } location ~* /(wp-login\.php) { limit_req zone=xwplogin burst=1 nodelay; # limit_conn xwpconlimit 30; # auth_basic "Private"; # auth_basic_user_file /home/nginx/domains/DOMAIN.com/htpasswd_wplogin; include /usr/local/nginx/conf/php-wpsc.conf; } location ~* /(xmlrpc\.php) { limit_req zone=xwplogin burst=2 nodelay; #limit_conn xwpconlimit 30; include /usr/local/nginx/conf/php-wpsc.conf; } location /nginx_status { stub_status on; access_log off; allow 108.24.115.207; deny all; } #include /usr/local/nginx/conf/wpsecure_DOMAIN.com.conf; include /usr/local/nginx/conf/staticfiles.conf; #include /usr/local/nginx/conf/drop.conf; include /usr/local/nginx/conf/php.conf; #include /usr/local/nginx/conf/phpstatus.conf; #include /usr/local/nginx/conf/errorpage.conf; } server { listen 443 ssl spdy; server_name DOMAIN.com www.DOMAIN.com; ssl_certificate /usr/local/nginx/conf/ssl/DOMAINcom/ssl-unified.crt; ssl_certificate_key /usr/local/nginx/conf/ssl/DOMAINcom/ssl.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_session_cache shared:SSL:10m; ssl_session_timeout 10m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA; ssl_prefer_server_ciphers on; add_header Alternate-Protocol 443:npn-spdy/3; #add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;"; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options SAMEORIGIN; # nginx 1.5.9+ or higher # http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp # http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size # spdy_headers_comp 0; ssl_buffer_size 4k; # enable ocsp stapling resolver 8.8.8.8; ssl_stapling on; ssl_stapling_verify on; # ssl_trusted_certificate /usr/local/nginx/conf/ssl/DOMAINcom/ssl-trusted.crt; # ngx_pagespeed & ngx_pagespeed handler #include /usr/local/nginx/conf/pagespeed.conf; #include /usr/local/nginx/conf/pagespeedhandler.conf; #include /usr/local/nginx/conf/pagespeedstatslog.conf; # limit_conn limit_per_ip 16; # ssi on; access_log /home/nginx/domains/DOMAIN.com/log/access.log combined; error_log /home/nginx/domains/DOMAIN.com/log/error.log; location /members { root /home/nginx/domains/DOMAIN.com/public; } location / { return 301 http://$server_name$request_uri; } #include /usr/local/nginx/conf/wpsecure_DOMAIN.com.conf; include /usr/local/nginx/conf/staticfiles.conf; #include /usr/local/nginx/conf/drop.conf; include /usr/local/nginx/conf/php.conf; #include /usr/local/nginx/conf/phpstatus.conf; #include /usr/local/nginx/conf/errorpage.conf; }