我想要实现的目标是:转发http请求到https... 即http://domain.com应该重定向到https://domain.com
我成功地在一台服务器上(使用不同的域)运行了它,但这台服务器出现故障。转到http网站的版本会This site can’t be reached在浏览器中返回一条通知。
我为这不起作用而抓狂不已。有什么建议吗?我应该寻找什么,也许是我遗漏了 NGINX 中的其他隐藏设置?
注意:网站的 HTTPS 版本运行良好
server {
listen 80;
server_name csp.domain.com;
server_tokens off;
return 301 https://csp.domain.com$request_uri;
}
server {
listen 443;
server_name csp.domain.com;
fastcgi_param HTTPS on;
ssl on;
ssl_certificate /etc/nginx/ssl/bytecp_client.crt;
ssl_certificate_key /etc/nginx/ssl/bytecp_client.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
charset utf-8;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
server_tokens off;
reset_timedout_connection on;
location ~* ^.+\.(jpg|gif|png|css|js|swf|ico)$ {
access_log off;
log_not_found off;
expires 1y;
}
location /static/ {
alias /usr/local/kbkp-software/apps/b-nginx/usr/local/html/;
}
location ~ (?:/\..*|~)$ {
access_log off;
log_not_found off;
deny all;
}
}
curl 结果
>curl -Liv http://csp.domain.com
* About to connect() to csp.domain.com port 80 (#0)
* Trying 192.225.193.157... connected
> GET / HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: csp.domain.com
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection #0
curl: (56) Recv failure: Connection reset by peer
答案1
我正在使用通用转发器将所有域名转发至 443。
server {
listen 80;
server_name abc.domain.com efg.domain.com;
return 301 https://$host$request_uri;
}