将所有 nginx 流量重定向到 SSL,除了一个 php

将所有 nginx 流量重定向到 SSL,除了一个 php

我有一个 prestashop 网站,全部使用 SSL。我遇到的问题是支付网关返回无法使用 SSL,因此我必须在 nginx 配置上创建一个例外,以使用 HTTP 接受回调 URL。

这是我尝试过的(但没有成功):

server {
  listen 80;

  server_name example.com www.example.com;
  client_header_buffer_size 16k;
  large_client_header_buffers 16 16k;

  root /var/www/html/example.com;

  location / {  # the default location redirects to https
    return 301 https://$server_name$request_uri;
  }

  location ~ /validation.php$ {  # chapuza per redsys
    include       fastcgi.conf;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_script_name;
    fastcgi_buffer_size 32k;
    fastcgi_buffers 4 32k;
    fastcgi_read_timeout 300;
  }


}

server {
  listen 443 ssl;
  listen [::]:443 ssl;
  include snippets/ssl-example.com.conf;
  include snippets/ssl-params.conf;

  server_name example.com www.example.com;

  ssl on;

  #add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;


  root /var/www/html/example.com;

  # Try static files first, then php
  index index.html index.htm index.php;

  #Specify a charset
  charset utf-8;

    ##
    # Gzip Settings
    ##

    gzip on;
    gzip_disable "msie6";
    gzip_vary on;
    gzip_proxied any;
    gzip_comp_level 1;
    gzip_buffers 16 8k;
    gzip_http_version 1.0;
    gzip_types application/json text/css application/javascript;

  location ~ /validation.php$ {  # chapuza per redsys
    return 301 http://$server_name$request_uri;
  }

  rewrite ^/api/?(.*)$ /webservice/dispatcher.php?url=$1 last;

  rewrite ^/([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$1$2$3.jpg last;
  rewrite ^/([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$1$2$3$4.jpg last;
  rewrite ^/([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$1$2$3$4$5.jpg last;
  rewrite ^/([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg last;
  rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg last;
  rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg last;
  rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg last;
  rewrite ^/([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ /img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg last;

  rewrite ^/order$ /index.php?controller=order last;

  if (!-e $request_filename){
    rewrite ^(.*)$ /index.php last;
  }

  # Redirect needed to "hide" index.php
  location / {
    try_files $uri $uri/ /index.php?q=$uri&$args;
  }

  location /c {
    rewrite ^/c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/p/$1$2$3.jpg last;
    rewrite ^/c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/p/$1$2.jpg last;
  }

  location /p {
    rewrite ^/p/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ /img/p/$1$2$3.jpg last;
    rewrite ^/p/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ /img/p/$1$2.jpg last;
  }

  location /images_ie {
    rewrite ^/images_ie/?([^/]+)\.(jpe?g|png|gif)$ /js/jquery/plugins/fancybox/images/$1.$2 last;
  }


  # Don't log robots.txt or favicon.ico files
  location ~* ^/(favicon.ico|robots.txt)$ {
    access_log off;
    log_not_found off;
  }
  # Custom 404 page
  error_page 404 /index.php?controller=404;

#  location ~* ^.+.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css|mp3|swf|ico|flv|xml) {
#    access_log off;
#    expires 30d;
#  }

  # Deny access to .htaccess
  location ~ /\.ht {
    deny all;
  }

  location ~ /.well-known {
       allow all;
  }

  # PHP scripts -> PHP-FPM server listening on 127.0.0.1:9000
  location ~ \.php$ {
    include       fastcgi.conf;
    fastcgi_pass  127.0.0.1:9000;
    fastcgi_index index.php;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param PATH_INFO $fastcgi_script_name;
    fastcgi_buffer_size 32k;
    fastcgi_buffers 4 32k;
    fastcgi_read_timeout 300;
  }



}

回调 /example/test_dir/validation.php 进入循环

我的错误在哪里?

谢谢

答案1

问题如下:

location \.validation.php$ {  # chapuza per redsys

这里有一个正则表达式语法,但缺少表明~它应该被解释为正则表达式的符号。

使用

location ~ \.validation\.php$ {  # chapuza per redsys

反而。

然后,您将在 https 位置发送 HSTS 标头,告知客户端所有对该域的请求都必须使用 https。如果 URL 仅由不关心 HSTS 的客户端访问,则这不是问题。

我建议您寻找一个在交易中使用 https 的支付解决方案。

相关内容