如何配置lighttpd将HTTP重定向到HTTPS?

如何配置lighttpd将HTTP重定向到HTTPS?

当客户端浏览器支持时,我想将对我网站的 HTTP 请求重定向到 HTTPS。我的网络服务器是lighttpd。

答案1

这就是我手动完成的方法,使用升级不安全请求标头。我分享它是因为我没有找到关于 lighttpd 的文档,但它似乎有效。

在域的lighttpd配置中,添加以下内容:

$HTTP["host"] =~ "^example\.com$" {
        $HTTP["scheme"] == "http" {
                $REQUEST_HEADER["Upgrade-Insecure-Requests"] == "1" {
                        # Follows https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade-Insecure-Requests
                        # Adding the header only works if mod_setenv is loaded before mod_redirect in the server config!
                        # (See https://redmine.lighttpd.net/issues/1895)
                        setenv.add-response-header = (
                            "Vary" => "Upgrade-Insecure-Requests" 
                          )
                        url.redirect-code = 307
                        url.redirect = ("/(.*)" => "https://example.com/$1")
                }
        }
        # ... any extra configuration for domain example.com ...
}

并重新启动lighttpd以使更改生效。

注意:这需要加载 mod_setenv 和 mod_redirect,并假设不需要发送其他标头作为重定向响应的一部分。

答案2

lighttpd 文档的官方来源自 2007 年起就有以下 wiki 页面:https://wiki.lighttpd.net/HowToRedirectHttpToHttps

在 lighttpd 的现代版本中:

server.modules += ("mod_redirect")

$HTTP["scheme"] == "http" {
    url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
    url.redirect-code = 308
}

适当地使用Vary: Upgrade-Insecure-Requests响应标头响应所有http请求可能https被重定向,并且仅当Upgrade-Insecure-Requests设置时才重定向到:

server.modules += ("mod_setenv", "mod_redirect")
$HTTP["scheme"] == "http" {
    # Follows https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Upgrade-Insecure-Requests
    # Adding the header only works if mod_setenv is loaded before mod_redirect in lighttpd.conf!
    # (See https://redmine.lighttpd.net/issues/1895)
    setenv.add-response-header = ("Vary" => "Upgrade-Insecure-Requests")
    $REQUEST_HEADER["Upgrade-Insecure-Requests"] == "1" {
        url.redirect = ("" => "https://${url.authority}${url.path}${qsa}")
        url.redirect-code = 308
    }
}

相关内容