抱歉,conf 文件太乱了。我什么都试过了,所以变得一团糟。我想启用 SSL 并将所有流量重定向到 https。目前,使用下面的 conf 文件,我可以毫无问题地导航到 HTTP。HTTPS 只会重定向回 HTTP。如果我取消注释第 5 行,那么浏览器只会说重定向太多。任何帮助都非常感谢。
更新:根据以下评论,我更新了 conf 文件。同样的问题。我添加 return 301 时,出现了太多重定向错误。
# Redirect all variations to https://www domain
server {
listen 80;
server_name name.com www.name.com;
# return 301 https://www.name.com$request_uri;
}
server {
listen 443 ssl;
server_name name.com;
ssl_certificate /etc/letsencrypt/live/name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/name.com/privkey.pem;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# This is a cache for SSL connections
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 60m;
#return 301 https://www.name.com$request_uri;
}
答案1
您需要两个用于重定向的服务器块(如下所示),然后是服务实际请求的主块(下面不包括,因为它取决于您的应用程序/使用情况)。
# Redirect all variations to https://www domain
server {
listen 80;
access_log /var/log/nginx/example.access.log main buffer=128k flush=60 if=$log_ua;
server_name example.com www.example.com;
return 301 https://www.example.com$request_uri;
}
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /var/lib/acme/certs/xx/fullchain;
ssl_certificate_key /var/lib/acme/certs/xx/privkey;
access_log /var/log/nginx/example.access.log main buffer=128k flush=60 if=$log_ua;
# Set up preferred protocols and ciphers. TLS1.2 is required for HTTP/2
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
# This is a cache for SSL connections
ssl_session_cache shared:SSL:2m;
ssl_session_timeout 60m;
return 301 https://www.example.com$request_uri;
}