我有一个 prestashop 网站,全部使用 SSL。我遇到的问题是支付网关返回无法使用 SSL,因此我必须在 nginx 配置上创建一个例外,以使用 HTTP 接受回调 URL。
这是我尝试过的(但没有成功):
server {
listen 80;
server_name example.com www.example.com;
client_header_buffer_size 16k;
large_client_header_buffers 16 16k;
root /var/www/html/example.com;
location / { # the default location redirects to https
return 301 https://$server_name$request_uri;
}
location ~ /validation.php$ { # chapuza per redsys
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
fastcgi_read_timeout 300;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
include snippets/ssl-example.com.conf;
include snippets/ssl-params.conf;
server_name example.com www.example.com;
ssl on;
#add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
root /var/www/html/example.com;
# Try static files first, then php
index index.html index.htm index.php;
#Specify a charset
charset utf-8;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 1;
gzip_buffers 16 8k;
gzip_http_version 1.0;
gzip_types application/json text/css application/javascript;
location ~ /validation.php$ { # chapuza per redsys
return 301 http://$server_name$request_uri;
}
rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;
rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last;
rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;
rewrite ^/order$ /index.php?controller=order last;
if (!-e $request_filename){
rewrite ^(.*)$ /index.php last;
}
# Redirect needed to "hide" index.php
location / {
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location /c {
rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/p/$1$2$3.jpg last;
rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/p/$1$2.jpg last;
}
location /p {
rewrite ^/p/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/p/$1$2$3.jpg last;
rewrite ^/p/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/p/$1$2.jpg last;
}
location /images_ie {
rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last;
}
# Don't log robots.txt or favicon.ico files
location ~* ^/(favicon.ico|robots.txt)$ {
access_log off;
log_not_found off;
}
# Custom 404 page
error_page 404 /index.php?controller=404;
# location ~* ^.+.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css|mp3|swf|ico|flv|xml) {
# access_log off;
# expires 30d;
# }
# Deny access to .htaccess
location ~ /\.ht {
deny all;
}
location ~ /.well-known {
allow all;
}
# PHP scripts -> PHP-FPM server listening on 127.0.0.1:9000
location ~ \.php$ {
include fastcgi.conf;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_script_name;
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
fastcgi_read_timeout 300;
}
}
回调 /example/test_dir/validation.php 进入循环
我的错误在哪里?
谢谢
答案1
问题如下:
location \.validation.php$ { # chapuza per redsys
这里有一个正则表达式语法,但缺少表明~
它应该被解释为正则表达式的符号。
使用
location ~ \.validation\.php$ { # chapuza per redsys
反而。
然后,您将在 https 位置发送 HSTS 标头,告知客户端所有对该域的请求都必须使用 https。如果 URL 仅由不关心 HSTS 的客户端访问,则这不是问题。
我建议您寻找一个在交易中使用 https 的支付解决方案。