1. 首頁
  2. 問答
  3. NGINX 2域在同一個IP上,想要重定向到HTTPS

NGINX 2域在同一個IP上,想要重定向到HTTPS

2016-07-12 43 views
0

我有2個域在我的服務器上運行,NGINX只是代理它們到節點應用程序。我有一個證書,但另一個我只是使用cloudflare來提供HTTPS。我想確保當用戶訪問任何域時,他們總是被重定向到域的HTTPS版本,而不需要www。這是我目前的配置,在取消了域2配置文件塊似乎打破這兩個網站:(NGINX 2域在同一個IP上,想要重定向到HTTPS

domain1的配置文件:

upstream domain1.com { 
    server 127.0.0.1:8000; 
    keepalive 8; 
} 

server { 

    listen 0.0.0.0:80; 
    server_name domain1.com www.domain1.com; 
    return 301 https://domain1.com$request_uri; 

} 

server { 
    #listen 80; 
    listen 443 ssl http2; 
    server_name domain1.com; 
    access_log /var/log/nginx/domain1.com.log; 

    root /var/www/domain1.com/client/public; 

    include /etc/nginx/global/cloudflare-allow.conf; 

    ssl_certificate /etc/nginx/ssl/domain1.crt; 
    ssl_certificate_key /etc/nginx/ssl/domain1.key; 

    if ($bad_referer) { 
     return 444; 
    } 

    location/{ 
     proxy_http_version 1.1; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header Host $http_host; 
     proxy_set_header X-NginX-Proxy true; 
     proxy_set_header Connection ""; 

     proxy_pass http://domain1.com; 
     proxy_redirect off; 
    } 

    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ { 
     expires 1M; 
     access_log off; 
     add_header Cache-Control "public"; 
    } 

    # CSS and Javascript 
    location ~* \.(?:css|js)$ { 
     expires 1y; 
     access_log off; 
     add_header Cache-Control "public"; 
    } 

    location ~* \.(?:rss|atom)$ { 
     expires 1h; 
     add_header Cache-Control "public"; 
    } 

    location ~* \.(?:manifest|appcache|html?|xml|json)$ { 
     expires -1; 
    } 

} 

server { 

    listen 443 ssl http2; 
    server_name www.domain1.com; 
    return 301 https://domain1.com$request_uri; 

}

域2配置文件:

upstream domain2.com { 
    server 127.0.0.1:9000; 
    keepalive 8; 
} 

#server { 
# listen 80; 
# server_name domain2.com www.domain2.com; 
# return 301 https://$server_name$request_uri; 
#} 

server { 
    listen 80; 
    #listen 443 ssl http2; 
    server_name domain2.com; 
    access_log /var/log/nginx/domain2.com.log; 

    root /var/www/domain2.com; 

    include /etc/nginx/global/cloudflare-allow.conf; 

    if ($bad_referer) { 
     return 444; 
    } 

    location/{ 
     proxy_http_version 1.1; 
     proxy_set_header X-Real-IP $remote_addr; 
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
     proxy_set_header Host $http_host; 
     proxy_set_header X-NginX-Proxy true; 
     proxy_set_header Connection ""; 

     proxy_pass http://domain2.com; 
     proxy_redirect off; 
    } 

    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ { 
     expires 1M; 
     access_log off; 
     add_header Cache-Control "public"; 
    } 

    # CSS and Javascript 
    location ~* \.(?:css|js)$ { 
     expires 1y; 
     access_log off; 
     add_header Cache-Control "public"; 
    } 

    location ~* \.(?:rss|atom)$ { 
     expires 1h; 
     add_header Cache-Control "public"; 
    } 

    location ~* \.(?:manifest|appcache|html?|xml|json)$ { 
     expires -1; 
    } 

}

來源

2016-07-12 Darryl Snow

回答

1

當通過CloudFlare的Flexible SSL模式完成SSL時,與原點的通信是通過端口80的HTTP流量。

爲了檢測此流量是否爲HTTPS,您不能使用HTTPS環境變量,則必須檢查X-Forwarded-Proto標頭是否設置爲HTTPS。

可以在Nginx的如下做到這一點:

if ($http_x_forwarded_proto != "https") { 
    rewrite ^(.*)$ https://$server_name$1 permanent; 
}

更簡單的方法來做到這一點,您只需設置一個"Always use HTTPS" Page Rule in CloudFlare

來源

2016-07-12 14:33:49 mjsa

相關問題

 相關問題