我需要让域的根目录严格运行非 SSL,但允许子文件夹使用 SSL。我采用的当前配置来自https://stackoverflow.com/questions/12398514/nginx-https-when-only-matching-admin-subfolder
当我实现这一点时,域的根目录和需要 SSL 的子文件夹都会得到 404:
server {
listen 80;
server_name DOMAIN.com www.DOMAIN.com;
access_log /home/nginx/domains/DOMAIN.com/log/access.log combined;
error_log /home/nginx/domains/DOMAIN.com/log/error.log;
location /members {
return 301 https://$server_name$request_uri;
}
location / {
root /home/nginx/domains/DOMAIN.com/public;
# block common exploits, sql injections etc
# include /usr/local/nginx/conf/block.conf;
# Enables directory listings when index file not found
autoindex on;
try_files $uri $uri/ /index.php?$args;
}
location ~* /(wp-login\.php) {
limit_req zone=xwplogin burst=1 nodelay;
# limit_conn xwpconlimit 30;
# auth_basic "Private";
# auth_basic_user_file /home/nginx/domains/DOMAIN.com/htpasswd_wplogin;
include /usr/local/nginx/conf/php-wpsc.conf;
}
location ~* /(xmlrpc\.php) {
limit_req zone=xwplogin burst=2 nodelay;
#limit_conn xwpconlimit 30;
include /usr/local/nginx/conf/php-wpsc.conf;
}
location /nginx_status {
stub_status on;
access_log off;
allow 108.24.115.207;
deny all;
}
#include /usr/local/nginx/conf/wpsecure_DOMAIN.com.conf;
include /usr/local/nginx/conf/staticfiles.conf;
#include /usr/local/nginx/conf/drop.conf;
include /usr/local/nginx/conf/php.conf;
#include /usr/local/nginx/conf/phpstatus.conf;
#include /usr/local/nginx/conf/errorpage.conf;
}
server {
listen 443 ssl spdy;
server_name DOMAIN.com www.DOMAIN.com;
ssl_certificate /usr/local/nginx/conf/ssl/DOMAINcom/ssl-unified.crt;
ssl_certificate_key /usr/local/nginx/conf/ssl/DOMAINcom/ssl.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!CAMELLIA;
ssl_prefer_server_ciphers on;
add_header Alternate-Protocol 443:npn-spdy/3;
#add_header Strict-Transport-Security "max-age=31536000; includeSubdomains;";
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN;
# nginx 1.5.9+ or higher
# http://nginx.org/en/docs/http/ngx_http_spdy_module.html#spdy_headers_comp
# http://nginx.org/en/docs/http/ngx_http_ssl_module.html#ssl_buffer_size
# spdy_headers_comp 0;
ssl_buffer_size 4k;
# enable ocsp stapling
resolver 8.8.8.8;
ssl_stapling on;
ssl_stapling_verify on;
# ssl_trusted_certificate /usr/local/nginx/conf/ssl/DOMAINcom/ssl-trusted.crt;
# ngx_pagespeed & ngx_pagespeed handler
#include /usr/local/nginx/conf/pagespeed.conf;
#include /usr/local/nginx/conf/pagespeedhandler.conf;
#include /usr/local/nginx/conf/pagespeedstatslog.conf;
# limit_conn limit_per_ip 16;
# ssi on;
access_log /home/nginx/domains/DOMAIN.com/log/access.log combined;
error_log /home/nginx/domains/DOMAIN.com/log/error.log;
location /members {
root /home/nginx/domains/DOMAIN.com/public;
}
location / {
return 301 http://$server_name$request_uri;
}
#include /usr/local/nginx/conf/wpsecure_DOMAIN.com.conf;
include /usr/local/nginx/conf/staticfiles.conf;
#include /usr/local/nginx/conf/drop.conf;
include /usr/local/nginx/conf/php.conf;
#include /usr/local/nginx/conf/phpstatus.conf;
#include /usr/local/nginx/conf/errorpage.conf;
}