nginx redirects non-https requests to random https

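I have the latest nginx version installed on an Ubuntu Server 14.04. I host a few websites on it, some with SSL and some without. My problem is that every time I try to set up a new website on a non-SSL host, when I try to access that host, nginx performs a 301 redirect to the SSL version of the same host (even though there is no SSL server block for that particular host) and serves content from a random web application on the same server, triggering an SSL certificate mismatch.

Any idea what the problem might be?

Below is the nginx config for the non-SSL host I am trying to set up: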

server {
    listen 80;
    listen [::]:80;
    server_name some.domain.eu;
    root /usr/share/nginx/some.domain.eu/html;
    index index.php index.html index.htm;

    error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
          root /usr/share/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri @missing;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location / {
        try_files $uri $uri/ /index.php$is_args$args;
        }
}

This is the config file of one of the SSL sites whose content gets served for some.domain.eu:

server {
   listen 80;
   server_name some.ssl.domain.com www.some.ssl.domain.com;
   rewrite ^ https://$server_name$request_uri? permanent;
}

server {
    listen 443 ssl http2;
    server_name some.ssl.domain.com www.some.ssl.domain.com; 
    root /usr/share/nginx/some.ssl.domain.com/html;
    index index.php index.html index.htm;

    include /etc/nginx/snippets/ssl-params.conf;
    include /etc/nginx/snippets/ssl-some.ssl.domain.com.conf;

    location / {
        try_files $uri $uri/ /index.php?$args;
    }

    location ~ /.well-known {
        allow all;
    }

    error_page 404 /404.html;

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
          root /usr/share/nginx/html;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri @missing;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location @missing {
        rewrite ^ $scheme://$host/index.php permanent;
    }

    location ~*  \.(jpg|jpeg|png|gif|ico|css|js)$ {
       expires 365d;
    }
}

My nginx.conf:

user www-data;
worker_processes auto;
pid /run/nginx.pid;
#server_tokens off;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile on;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    client_max_body_size 1000M;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";

    gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_comp_level 6;
    gzip_min_length 1100;
    gzip_buffers 16 8k;
    gzip_proxied any;
    gzip_types
            text/plain
            text/css
            text/js
            text/xml
            text/javascript
            application/javascript
            application/x-javascript
            application/json
            application/xml
            application/xml+rss;
    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
    server_tokens off;

    # config to prevent the browser from rendering the page inside a frame or iframe
    # and avoid clickjacking http://en.wikipedia.org/wiki/Clickjacking
    # if you need to allow [i]frames, you can use SAMEORIGIN or even set a uri with ALLOW-FROM uri
    # https://developer.mozilla.org/en-US/docs/HTTP/X-Frame-Options
    add_header X-Frame-Options SAMEORIGIN;

    # when serving user-supplied content, include an X-Content-Type-Options: nosniff header along with the Content-Type: header,
    # to disable content-type sniffing on some browsers.
    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    # currently supported in IE > 8 http://blogs.msdn.com/b/ie/archive/2008/09/02/ie8-security-part-vi-beta-2-update.aspx
    # http://msdn.microsoft.com/en-us/library/ie/gg622941(v=vs.85).aspx
    # 'soon' on Firefox https://bugzilla.mozilla.org/show_bug.cgi?id=471020
    add_header X-Content-Type-Options nosniff;

    # This header enables the Cross-site scripting (XSS) filter built into most recent web browsers.
    # It's usually enabled by default anyway, so the role of this header is to re-enable the filter for
    # this particular website if it was disabled by the user.
    # https://www.owasp.org/index.php/List_of_useful_HTTP_headers
    add_header X-XSS-Protection "1; mode=block";
}

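Answer 1

I suspect Nginx is serving the site from the default server for the IP, which looks somewhat random. I can think of two possible solutions.

1. Set up https for that site and forward it to http, which is really easy. You can use a free Let's Encrypt certificate.

2. Set up a default server on https that returns an error code. This needs to be on a domain and be marked as default_server. I only do this on http, because all of my websites have https. This is covered by this question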
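
The catch-all default server that option 2 of the answer above describes, written out as an added example that is not part of the original answer. The certificate paths are hypothetical, and `ssl_reject_handshake` assumes nginx 1.19.4 or newer.

```nginx
# Added example, not from the original post.
# Without an explicit default_server, nginx answers a request whose Host
# matches no server_name with the first server block it loaded for that
# port, which is why an unrelated site appears to be picked at random.

# Port 80: any Host header that matches no server_name lands here.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;      # placeholder name; default_server does the matching
    return 444;         # nginx-specific code: close the connection, send nothing
}

# Port 443: the same for TLS, so an unknown name never receives another
# site's certificate and content.
server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    server_name _;

    # nginx 1.19.4 and later: abort the TLS handshake for unmatched names.
    # No certificate is needed in this block when this is on.
    ssl_reject_handshake on;

    # Older nginx: remove the directive above and supply a throwaway
    # self-signed certificate instead (hypothetical paths), then drop
    # the connection after the handshake.
    # ssl_certificate     /etc/nginx/ssl/catchall.crt;
    # ssl_certificate_key /etc/nginx/ssl/catchall.key;
    # return 444;
}
```

Only one server block per address and port may carry `default_server`, so run `nginx -t` before reloading. `nginx -T` prints the configuration nginx actually loaded, which also shows whether a site file under sites-enabled was picked up at all.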

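Answer 2

As is the case most of the time, the answer lay behind something simple. The problem with my setup was caused by a missing symlink in sites-enabled...

Of course, I also needed to sort out the default servers for http and https.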

Answer 3

If you use Hostinger, you may need to add this to wp-config.php (if it's WordPress) or index.php (otherwise):

$_SERVER['REQUEST_SCHEME'] = 'http';
$_SERVER['SERVER_PORT'] = '80';

It solved the random https redirect problem for me, and I hope it helps others!