当客户端浏览器支持时,我想将对我网站的 HTTP 请求重定向到 HTTPS。我的网络服务器是lighttpd。
答案1
这就是我手动完成的方法,使用升级不安全请求标头。我分享它是因为我没有找到关于 lighttpd 的文档,但它似乎有效。
在域的lighttpd配置中,添加以下内容:
$HTTP["host"] =~ "^example\.com$" {
$HTTP["scheme"] == "http" {
$REQUEST_HEADER["Upgrade-Insecure-Requests"] == "1" {
# Follows https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade-Insecure-Requests
# Adding the header only works if mod_setenv is loaded before mod_redirect in the server config!
# (See https://redmine.lighttpd.net/issues/1895)
setenv.add-response-header = (
"Vary" => "Upgrade-Insecure-Requests"
)
url.redirect-code = 307
url.redirect = ("/(.*)" => "https://example.com/$1")
}
}
# ... any extra configuration for domain example.com ...
}
并重新启动lighttpd以使更改生效。
注意:这需要加载 mod_setenv 和 mod_redirect,并假设不需要发送其他标头作为重定向响应的一部分。
答案2
lighttpd 文档的官方来源自 2007 年起就有以下 wiki 页面:https://wiki.lighttpd.net/HowToRedirectHttpToHttps
在 lighttpd 的现代版本中:
server.modules += ("mod_redirect")
$HTTP["scheme"] == "http" {
url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
url.redirect-code = 308
}
到适当地使用Vary: Upgrade-Insecure-Requests响应标头响应所有http请求可能https被重定向,并且仅当Upgrade-Insecure-Requests设置时才重定向到:
server.modules += ("mod_setenv", "mod_redirect")
$HTTP["scheme"] == "http" {
# Follows https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade-Insecure-Requests
# Adding the header only works if mod_setenv is loaded before mod_redirect in lighttpd.conf!
# (See https://redmine.lighttpd.net/issues/1895)
setenv.add-response-header = ("Vary" => "Upgrade-Insecure-Requests")
$REQUEST_HEADER["Upgrade-Insecure-Requests"] == "1" {
url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
url.redirect-code = 308
}
}