Nginx 重定向配置后网站仍然需要从 HTTP 重定向到 https

Nginx 重定向配置后网站仍然需要从 HTTP 重定向到 https

我使用 AWS EC2 使用负载均衡器构建网站。但渗透测试结果显示,该网站仍然可以通过http访问。我已经检查过,在 Nginx 配置文件中,我们确实有一个 http 到 https 的重定向。

   server {
        listen       80 default_server;
        listen       [::]:80 default_server;
        server_name  _;
        root         /usr/share/nginx/html;
        return         301 https://$server_name$request_uri;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;
    # disable checking file size for upload
    client_max_body_size 0;

        location / {
        proxy_pass http://127.0.0.1:8000/;
                proxy_set_header HOST \$host;
                proxy_set_header X-Forwarded-Proto \$scheme;
                proxy_set_header X-Real-IP \$remote_addr;
                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
        }

    location /flower/ {
        # rewrite ^/flower/(.*)$ /\$1 break;
        proxy_pass http://127.0.0.1:5555/;
                proxy_set_header HOST \$host;
                proxy_set_header X-Forwarded-Proto \$scheme;
                proxy_set_header X-Real-IP \$remote_addr;
                proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
    }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }

    # Settings for a TLS enabled server.
    
        server {
            listen       443 ssl http2 default_server;
            listen       [::]:443 ssl http2 default_server;
            server_name  _;
            root         /usr/share/nginx/html;

为什么网站仍然允许HTTP通信?

相关内容