2017-06-05 27 views
1

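Nginx redirect to HTTPS partially working

My goal is to redirect my website like this:

http://EXAMPLE.com/ to https://EXAMPLE.com/ (working)

http://www.EXAMPLE.com/ to https://EXAMPLE.com/ (not working). This one currently redirects to https://www.EXAMPLE.com/

Also, even though I have not defined api.EXAMPLE.com in the server section below, when I enter the URL http://api.EXAMPLE.com/ it gets redirected to https://api.EXAMPLE.com/. I believe this has to do with the DNS records resolving to the same IP address. I would prefer it to show page not found rather than redirect.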

DNS records:

Type  Name  Value         TTL
A     @     35.161.XX.XX  600 seconds
A     api   35.161.XX.XX  1 Hour
A     www   35.161.XX.XX  1 Hour

And the Nginx configuration file:

# For more information on configuration, see: 
# * Official English Documentation: http://nginx.org/en/docs/ 
# * Official Russian Documentation: http://nginx.org/ru/docs/ 

user nginx; 
worker_processes auto; 
error_log /var/log/nginx/error.log; 
pid /var/run/nginx.pid; 

# Load dynamic modules. See /usr/share/nginx/README.dynamic. 
include /usr/share/nginx/modules/*.conf; 

events { 
    worker_connections 1024; 
} 

http { 
    log_format main '$remote_addr - $remote_user [$time_local] "$request" ' 
         '$status $body_bytes_sent "$http_referer" ' 
         '"$http_user_agent" "$http_x_forwarded_for"'; 

    access_log /var/log/nginx/access.log main; 

    sendfile   on; 
    tcp_nopush   on; 
    tcp_nodelay   on; 
    #keepalive_timeout 65; 
    keepalive_timeout 15; 

    types_hash_max_size 2048; 

    # Enable HTTPS by default on all our websites 
    #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; 

    #php max upload limit cannot be larger than this  
    client_max_body_size 40m; 

    include    /etc/nginx/mime.types; 
    default_type  application/octet-stream; 

    # Load modular configuration files from the /etc/nginx/conf.d directory. 
    # See http://nginx.org/en/docs/ngx_core_module.html#include 
    # for more information. 
    include /etc/nginx/conf.d/*.conf; 

    index index.php index.html index.htm; 

    # Upstream to abstract backend connection(s) for PHP.
    upstream php {
        #this should match value of "listen" directive in php-fpm pool
        server unix:/tmp/php-fpm.sock;
        #server 127.0.0.1:9000;
    }

    # Redirect unsecured port 80 traffic (http://) to port 443 (https://)
    server {
        listen  80 default_server;
        listen  [::]:80 default_server;
        server_name EXAMPLE.com www.EXAMPLE.com;
        #return 301 $scheme://EXAMPLE.com$request_uri;
        #return 301 https://$host$request_uri;
        return 301 https://EXAMPLE.com$request_uri;
    }

    #server {
    #    listen  80 default_server;
    #    listen  [::]:80 default_server;
    #    #server_name localhost;
    #    server_name EXAMPLE.com;
    #    #root   /usr/share/nginx/html;
    #    root   /var/www/nginx;
    #
    #    # Load configuration files for the default server block.
    #    include /etc/nginx/default.d/*.conf;
    #
    #    # proxy the PHP scripts to Apache listening on 127.0.0.1:80
    #    #
    #    #location ~ \.php$ {
    #    #    proxy_pass http://127.0.0.1;
    #    #}
    #
    #}

    # Settings for a TLS enabled server.
    server {
        listen  443 ssl http2 default_server;
        listen  [::]:443 ssl http2 default_server;
        server_name EXAMPLE.com;
        root   /var/www/nginx;

        #For Basic Auth
        auth_basic "Restricted";
        auth_basic_user_file /var/www/nginx/.htpasswd;

        #ssl_certificate "/etc/pki/tls/certs/EXAMPLE.crt";
        #ssl_certificate_key "/etc/pki/tls/private/EXAMPLE.key";
        ssl_certificate "/etc/letsencrypt/live/EXAMPLE.com/cert.pem";
        ssl_certificate_key "/etc/letsencrypt/live/EXAMPLE.com/privkey.pem";

        # It is *strongly* recommended to generate unique DH parameters
        # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048
        #ssl_dhparam "/etc/pki/nginx/dhparams.pem";
        ssl_dhparam "/etc/pki/tls/dhparams.pem";
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
        ssl_prefer_server_ciphers on;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
    }

} 
+1

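It behaves as if HTTP Strict Transport Security (https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security) is in effect. If you recently disabled HSTS, you will need to reset your browser so that it forgets it.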

+0

Thanks, Richard. Following your lead, I was able to reset my HSTS in Chrome.

Answer

0

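Based on Richard's lead, here is how I removed the HTTP Strict Transport Security history from Chrome:

  1. In the Query domain section, I entered my domain and subdomains: example.com, www.example.com, db.example.com, api.example.com to see whether they were listed.
  2. I then entered the ones I found into the Delete domain section and pressed Delete.
  3. I entered http://www.example.com into the browser's location field and pressed Enter. It redirected to https://example.com
  4. I also tried http://db.example.com and http://api.example.com, and both were redirected to https://example.com. I am curious why these are redirected, since I have not set up server sections for them in nginx.conf. Is it because they resolve to the same IP?
  5. Finally, I tried http://what.example.com and got a "This site can't be reached" error, which is correct.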

chrome://net-internals/#hsts
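
On the question in step 4: the port-80 block in the posted configuration is marked `default_server`, so nginx uses it for any Host that no `server_name` matches, which includes every name whose DNS record points at the same IP. The following is an added example, not the asker's configuration or part of the original answer, that redirects only the two intended names and rejects everything else. It assumes the certificate also covers www.EXAMPLE.com and that nginx is 1.19.4 or later (needed for `ssl_reject_handshake`).

```nginx
# Added example. EXAMPLE.com and the certificate paths are the
# placeholders used in the question; these blocks go inside http { }.

# Port 80 catch-all: any Host not claimed below (api., db., a raw IP)
# gets 404 instead of a redirect.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 404;
}

# Only the two intended names are redirected, both to the bare domain.
server {
    listen 80;
    listen [::]:80;
    server_name EXAMPLE.com www.EXAMPLE.com;
    return 301 https://EXAMPLE.com$request_uri;
}

# Port 443 catch-all: refuse the TLS handshake for unknown names, so a
# browser that HSTS-upgraded http://api.EXAMPLE.com/ gets an error page.
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    ssl_reject_handshake on;
}

# https://www.EXAMPLE.com/ -> https://EXAMPLE.com/
# (assumes the certificate lists www.EXAMPLE.com as well)
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.EXAMPLE.com;
    ssl_certificate     /etc/letsencrypt/live/EXAMPLE.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.com/privkey.pem;
    return 301 https://EXAMPLE.com$request_uri;
}

# The site itself: no default_server, so it answers only for its own name.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name EXAMPLE.com;
    root /var/www/nginx;
    ssl_certificate     /etc/letsencrypt/live/EXAMPLE.com/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/EXAMPLE.com/privkey.pem;
}
```

A browser that still holds an HSTS entry with `includeSubDomains` for EXAMPLE.com rewrites http://api.EXAMPLE.com/ to https:// before any request is sent, so the port-80 blocks never see it until that entry is deleted or expires.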