我已经搜索了很长时间,但似乎没有找到合适的方法——也许我搜索的不是正确的东西。无论如何,我们有一个 www.example.com 和一个 secure.example.com。我能够成功地将不安全的请求重定向到安全子域上的 SSL,但我无法将 www 子域上的安全请求重定向到安全子域。以下是我的 nginx.conf——有人能帮我吗?谢谢!
worker_processes 4;
error_log /var/log/nginx/error.log;
events {
worker_connections 4096;
}
http {
include mime.types;
default_type application/octet-stream;
sendfile on;
keepalive_timeout 65;
gzip on;
gzip_static on;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain application/xml;
gzip_disable "MSIE [1-6]\.";
gzip_vary on;
upstream example {
server unix:/home/deploy/tmp/sockets/unicorn.sock;
}
server {
listen 443;
server_name www.example.com;
rewrite ^ https://secure.example.com$request_uri? permanent;
}
server {
listen 80;
server_name www.example.com;
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|swf|haml|ttf|eot|woff|svg)$ {
root /home/deploy/example/current/public;
expires max;
access_log off;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header Host $http_host;
proxy_redirect off;
client_max_body_size 25M;
error_page 500 501 502 503 504 /temporarily_down.html;
proxy_pass http://example;
}
location /temporarily_down.html {
root /home/deploy/example/current/public;
}
}
server {
listen 443 default_server ssl;
server_name secure.example.com;
ssl on;
ssl_certificate /etc/ssl/staging_combined.crt;
ssl_certificate_key /etc/ssl/staging.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
ssl_prefer_server_ciphers on;
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|js|swf|haml|ttf|eot|woff|svg)$ {
root /home/deploy/example/current/public;
expires max;
access_log off;
}
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Host $http_host;
proxy_redirect off;
error_page 500 501 502 503 504 /temporarily_down.html;
client_max_body_size 25M;
proxy_pass http://example;
}
location /temporarily_down.html {
root /home/deploy/example/current/public;
}
}
}
答案1
遇到了同样的问题 - 只需确保 443 重定向服务器块具有“ssl on”。
所以在你的例子中;
server {
listen 443;
server_name www.example.com;
ssl on;
ssl_certificate /etc/ssl/staging_combined.crt;
ssl_certificate_key /etc/ssl/staging.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers RC4:HIGH:!aNULL:!MD5:!kEDH;
ssl_prefer_server_ciphers on;
rewrite ^ https://secure.example.com$request_uri? permanent;
}