我有一个由 nginx 提供服务的 rails 应用。我已使用以下配置在所有路由上启用了 ssl:
server {
listen [::]:80;
listen 80;
server_name domain.com;
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
return 301 https://$host:443$request_uri;
}
server {
listen [::]:443 ssl spdy;
listen 443 ssl spdy;
server_name domain.com;
access_log /var/log/nginx/domain-access.log;
error_log /var/log/nginx/domain-error.log;
ssl_certificate /home/dokku/domain/tls/server.crt;
ssl_certificate_key /home/dokku/domain/tls/server.key;
keepalive_timeout 70;
add_header Alternate-Protocol 443:npn-spdy/2;
location / {
gzip on;
gzip_min_length 1100;
gzip_buffers 4 32k;
gzip_types text/css text/javascript text/xml text/plain text/x-component application/javascript application/x-javascript application/json application/xml application/rss+xm$
gzip_vary on;
gzip_comp_level 6;
proxy_pass http://domain;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection upgrade;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Request-Start $msec;
}
include /home/dokku/domain/nginx.conf.d/*.conf;
}
我想允许(但不强制)某些路线上的非 SSL 连接,如下所示:
domain.com => enforce ssl
domain.com/l/* => allow non-ssl
domain.com/* => enforce ssl
根据上述配置,我该如何实现这一点?
谢谢!