Nginx HTTPS 重定向导致循环

tag-icon tag-icon nginx ssl php-fpm
Nginx HTTPS 重定向导致循环

我一直在绞尽脑汁想解决这个问题,所以如果有人能帮忙,我将不胜感激。我的 Nginx 配置有三个不同的重定向循环,但都无法让其中任何一个正常工作。这三个问题区域是:

  • 将 memcache 目录重定向到 SSL
  • 将账户目录重定向到 SSL
  • 如果非 www,则将 SSL 重定向到 www

nginx.conf:

user  nginx;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                  '$status $body_bytes_sent "$http_referer" '
                  '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;
    error_log   /var/log/nginx/error.log  notice;
    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;
    proxy_set_header X-Url-Scheme $scheme;

    #gzip  on;
    rewrite_log on;
    include /etc/nginx/conf.d/*.conf;
}

conf.d/default.conf:

server {
    listen       80;
    server_name  <redacted>.net;
    rewrite      ^(.*) http://www.<redacted>.net$1;
}

server {
    listen       80;
    server_name  www.<redacted>.net;

    set_real_ip_from 192.168.30.4;
    set_real_ip_from 192.168.30.5;
    set_real_ip_from 192.168.30.10;
    real_ip_header   X-Forwarded-For;

    #charset koi8-r;
    access_log  /var/log/nginx/host.access.log  main;

    root        /var/www/html;
    index       index.php index.html index.htm;

    location  =/memcache {
        rewrite ^/(.*)$ https://$server_name$request_uri? permanent;
    }

    location /accounts {
        rewrite ^/(.*)$ https://$server_name$request_uri? permanent;
    }

    #error_page  404              /404.html;

    # redirect server error pages to the static page /50x.html
    #
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
    }

    # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
    #
    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include        /etc/nginx/fastcgi_params;
        try_files      $uri = 404;
    }

    # deny access to .htaccess files, if Apache's document root
    # concurs with nginx's one
    #
    location ~ /\.ht {
        deny  all;
    }
}

conf.d/ssl.conf:

# HTTPS server
#
server {
    listen       443;
    server_name  <redacted>.net;
    rewrite      ^(.*) https://www.<redacted>.net$1;
}

server {
    listen       443 default_server ssl;
    server_name  www.<redacted>.net;

    set_real_ip_from 192.168.30.4;
    set_real_ip_from 192.168.30.5;
    set_real_ip_from 192.168.30.10;
    real_ip_header   X-Forwarded-For;

    proxy_set_header X-Forwarded_Proto https;
    proxy_set_header Host $host;
    proxy_redirect off;
    proxy_max_temp_file_size 0;
    proxy_set_header X-Forwarded-Ssl on;
    set $https_enabled on;

    ssl_certificate      <redacted>.crt;
    ssl_certificate_key  <redacted>.key;

    ssl_session_timeout  5m;

    ssl_protocols  SSLv2 SSLv3 TLSv1;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers   on;

    root        /var/www/html;
    index       index.php index.html index.htm;

    location  /memcache {
        auth_basic "Restricted";
        auth_basic_user_file  $document_root/memcache/.htpasswd;
    }

    location ~ \.php$ {
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
        fastcgi_param  HTTPS on;
        include        /etc/nginx/fastcgi_params;
        try_files      $uri = 404;
    }

}

答案1

您能否尝试以下配置。这非常简单,我看不出有任何理由使用重定向。您只需返回并退出即可。

请注意!这尚未测试!

root              /var/www/html;
index             index.php index.html index.htm;
error_page        500 502 503 504 /50x.html;
access_log        /var/log/nginx/host.access.log  main;

server {
  listen            [::]:80;
  listen            [::]:443 ssl;
  server_name       <redacted>.net;
  return            301 $scheme://<redacted>.net$request_uri;
}

server {
  listen            [::]:80;
  server_name       www.<redacted>.net;

  set_real_ip_from  192.168.30.4;
  set_real_ip_from  192.168.30.5;
  set_real_ip_from  192.168.30.10;
  real_ip_header    X-Forwarded-For;

  location ~ /\.ht {
    deny all;
  }

  location = /memcache {
    return 301 https://$server_name$request_uri;
  }

  location = /accounts {
    return 301 https://$server_name$request_uri;
  }

  location ~ \.php$ {
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_index   index.php;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include         fastcgi_params;
    try_files       $uri =404;
  }
}

server {
  listen            [::]:443 ssl;
  server_name       www.<redacted>.net;

  set_real_ip_from  192.168.30.4;
  set_real_ip_from  192.168.30.5;
  set_real_ip_from  192.168.30.10;
  real_ip_header    X-Forwarded-For;

  proxy_set_header          X-Forwarded_Proto https;
  proxy_set_header          Host $host;
  proxy_set_header          X-Forwarded-Ssl on;
  proxy_redirect            off;
  proxy_max_temp_file_size  0;
  set                       $https_enabled on;

  ssl_certificate           <redacted>.crt;
  ssl_certificate_key       <redacted>.key;

  ssl_session_timeout       5m;

  ssl_protocols             SSLv2 SSLv3 TLSv1;
  ssl_ciphers               HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;

  location ~ /\.ht {
    deny all;
  }

  location ~ \.php$ {
    fastcgi_pass    127.0.0.1:9000;
    fastcgi_index   index.php;
    fastcgi_param   SCRIPT_FILENAME $document_root$fastcgi_script_name;
    include         fastcgi_params;
    try_files       $uri =404;
  }
}

相关内容