我目前使用以下服务器块将所有 HTTP 连接重定向到 HTTPS:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
效果很好。我还在子域上运行了一个 Web 应用程序,使用以下服务器块:
server {
listen 443 ssl;
server_name gitea.pyrosoftsolutions.co.uk;
ssl_certificate /etc/ssl/certs/gitea.pyrosoftsolutions.crt;
ssl_certificate_key /etc/ssl/private/gitea.pyrosoftsolutions.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/dhparam/gitea.dhparam.pem;
proxy_cookie_domain ~(?P<secure_domain>([-0-9a-z]+\.)?[-0-9a-z]+\.[a-z]+)$ "$secure_domain; sec$
location / {
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inlin$
add_header X-Xss-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
proxy_pass http://localhost:3000/;
}
}
再次,这似乎工作正常。但是,我想在 default/www 域上运行一个网站。当我启用以下服务器块时,问题出现了:
server {
listen 443 ssl;
server_name pyrosoftsolutions.co.uk www.pyrosoftsolutions.co.uk;
root /var/www/pyrosoftsolutions.co.uk;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ /index.html;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/pyrosoftsolutions.co.uk;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
由于某种原因,当启用此阻止时,我无法再访问我的子域,也无法访问根目录中的任何文件/页面。有什么想法吗?
答案1
目前尚不清楚完整的配置是什么,但在我看来,您需要有ssl_*问题的块中的指令。
定义SSL_CERTIFICATE和指令应该可以解决您的问题。如果没有定义合适的证书,SSL_CERTIFICATE_KEYnginx 就无法提供页面。HTTPS