我已经自行编译了支持http2的nginx 1.9.14:
nginx version: nginx/1.9.14
built by gcc 4.9.2 (Debian 4.9.2-10)
built with OpenSSL 1.0.1k 8 Jan 2015
TLS SNI support enabled
因此,我的配置中有一个location = /块,它应该仅在用户访问根站点 ( https://myserver.example.com/) 时添加标头。但是,当我在 Firefox 中访问我的服务器时,/位置块 ( WhereIAm) 中的标头未添加:
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 21 Apr 2016 07:12:11 GMT
Etag: W/"570bf892-363"
Last-Modified: Mon, 11 Apr 2016 19:18:42 GMT
Server: nginx
Strict-Transport-Security: max-age=15768000; includeSubDomains; preload
X-Content-Type-Options: nosniff
X-Firefox-Spdy: h2
headerend: AtTheEnd
testing: IsTLS
x-something: ALsoAtTheEnd
这是我的 nginx 配置:
server {
listen 80;
listen [::]:80;
server_name myserver.example.com;
root /var/www/html;
server_tokens off;
add_header testing IsHTTP;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name myserver.example.com;
root /var/www/html;
server_tokens off;
index index.php index.html index.htm;
# -- TEST BEGIN --
location = /configtest {
#echo "itworks";
add_header itworks configtest;
}
add_header testing IsTLS;
location = / {
add_header WhereIAm Is:/;
}
location /testdir1 {
add_header WhereIAm Is:/testdir1;
}
location = /testdir2 {
add_header WhereIAm Is:/testdir2;
}
# -- TEST END --
# -- PARSER --
location ~ \.php$ {
#location ~ \..*/.*\.php$ {return 404;}
include snippets/fastcgi-php.conf;
#
# # With php5-cgi alone:
# fastcgi_pass 127.0.0.1:9000;
# # With php5-fpm:
fastcgi_pass unix:/var/run/php5-fpm.sock;
}
# -- HTTPS --
# certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
ssl_certificate /path/to/my/certificate;
ssl_certificate_key /path/to/my/privatekey;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
# HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload";
# OCSP Stapling ---
# fetch OCSP records from URL in ssl_certificate and cache them
ssl_stapling on;
ssl_stapling_verify on;
## verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate /path/to/the/rootandintermediatecerts;
# more headers
add_header X-Something ALsoAtTheEnd;
add_header HeaderEnd AtTheEnd;
add_header X-Content-Type-Options nosniff;
# deny access to Apache config files
location ~ /\.ht {
deny all;
}
}
因此,当我访问https://myserver.example.com/testdir1/(并且testdir1是存在于我的服务器上的目录)时,它会添加正确的标头:
Content-Encoding: gzip
Content-Type: text/html
Date: Thu, 21 Apr 2016 07:24:22 GMT
Etag: W/"571538f2-363"
Last-Modified: Mon, 18 Apr 2016 19:43:46 GMT
Server: nginx
X-Firefox-Spdy: h2
whereiam: Is:/testdir1
更令人困惑的是,当我将位置块更改为以下内容时:
location = / {
echo "ThisIsATest";
add_header WhereIAm Is:/;
}
(我已经用编译了 nginx echo-nginx-module)
Nginx 在访问时不仅返回测试字符串,而且还添加正确的标头:
Content-Type: application/octet-stream
Date: Thu, 21 Apr 2016 07:32:01 GMT
Server: nginx
X-Firefox-Spdy: h2
whereiam: Is:/
那么这里发生了什么,我怎样才能让 nginx 仅在用户访问时添加标头/?