如何在 nginx 中将安全请求重定向到另一个子域

tag-icon tag-icon nginx ruby-on-rails
如何在 nginx 中将安全请求重定向到另一个子域

我已经搜索了很长时间,但似乎没有找到合适的方法——也许我搜索的不是正确的东西。无论如何,我们有一个 www.example.com 和一个 secure.example.com。我能够成功地将不安全的请求重定向到安全子域上的 SSL,但我无法将 www 子域上的安全请求重定向到安全子域。以下是我的 nginx.conf——有人能帮我吗?谢谢!

worker_processes  4;
error_log  /var/log/nginx/error.log;
events {
    worker_connections  4096;
}
http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;
    gzip  on;
    gzip_static on;
    gzip_min_length 1000;
    gzip_proxied    expired no-cache no-store private auth;
    gzip_types  text/plain application/xml;
    gzip_disable  "MSIE [1-6]\.";
    gzip_vary on;

    upstream example {
      server unix:/home/deploy/tmp/sockets/unicorn.sock;
    }
    server {
        listen 443;
    server_name www.example.com;
    rewrite        ^ https://secure.example.com$request_uri? permanent;
    }
    server {
    listen 80;
        server_name  www.example.com;
        location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|swf|haml|ttf|eot|woff|svg)$ {
        root /home/deploy/example/current/public;
        expires max;
        access_log off;
      }
      location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto http;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        client_max_body_size 25M;
        error_page   500 501 502 503 504 /temporarily_down.html;
        proxy_pass  http://example;
      }
      location /temporarily_down.html {
          root /home/deploy/example/current/public;
      }
     }
     server {
         listen 443 default_server ssl;
         server_name  secure.example.com;
         ssl on;
         ssl_certificate      /etc/ssl/staging_combined.crt;
         ssl_certificate_key  /etc/ssl/staging.key;
         ssl_session_timeout  5m;
         ssl_protocols  SSLv3 TLSv1;
         ssl_ciphers  RC4:HIGH:!aNULL:!MD5:!kEDH;
         ssl_prefer_server_ciphers   on;
         if ($ssl_protocol = "") {
          rewrite ^   https://$server_name$request_uri? permanent;
         }
         location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|swf|haml|ttf|eot|woff|svg)$ {
             root /home/deploy/example/current/public;
             expires max;
             access_log off;
         }
         location / {
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_set_header X-Forwarded-Proto https;
             proxy_set_header Host $http_host;
             proxy_redirect off;
         error_page   500 501 502 503 504 /temporarily_down.html;
         client_max_body_size 25M;
             proxy_pass http://example;
         }
         location /temporarily_down.html {
              root /home/deploy/example/current/public;
         }
    }
}

答案1

遇到了同样的问题 - 只需确保 443 重定向服务器块具有“ssl on”。

所以在你的例子中;

server {
    listen 443;
    server_name www.example.com;

    ssl on;
    ssl_certificate      /etc/ssl/staging_combined.crt;
    ssl_certificate_key  /etc/ssl/staging.key;
    ssl_session_timeout  5m;
    ssl_protocols  SSLv3 TLSv1;
    ssl_ciphers  RC4:HIGH:!aNULL:!MD5:!kEDH;
    ssl_prefer_server_ciphers   on;
    rewrite        ^ https://secure.example.com$request_uri? permanent;
}

相关内容