当 https proxy_pass 时,Nginx http 重定向到 https

tag-icon tag-icon nginx 301-redirect proxypass
当 https proxy_pass 时,Nginx http 重定向到 https

我有一个从 http 重定向到 https 的 nginx 配置,但是在 https 端,location / {} 包含一个到 Go 服务的 proxy_pass。

server {
  listen 80 default_server;
  listen [::]:80 default_server;
  server_name *.domain.com domain.com;

  return 301 https://$host$request_uri;
}
server {
  listen 443 ssl http2 default_server;
  listen [::]:443 ssl http2 default_server;
  server_name auth.domain.com;

  location / {
    proxy_pass http://localhost:PORT;
  }
}

但这不是重定向我设置proxy_pass的位置。

更新:

我想从 http 重定向到 https。有几个位置指向静态文件 (html),并且有一个 /api 和下面显示的 /。当我想在静态文件位置从 http 重定向到 https 时,它会重定向,但对于其中有 proxy_pass 的位置,只需在 http 上加载,什么也没发生。

答案1

这是我用于将 HTTP 重定向到 HTTPs 的配置:

server {
    listen [::]:80 default_server;
    listen 80 default_server;
    return 301 https://$http_host$request_uri;
}
server {
    ...normal HTTPS conf ...
}

答案2

尝试如下配置:

# Force all users to https://www.example.com
server { 
    listen 80;
    server_name example.com www.example.com;
    return 301 https://www.example.com$request_uri;
} 
server {  
    listen 443 ssl; 
    server_name example.com; 

    ssl_certificate /etc/nginx/ssl/www.example.com.pem;         // path of pem or crt file for the domain   
    ssl_certificate_key /etc/nginx/ssl/www.example.com.key;     // path of key file for the domain
    return 301 https://www.example.com$request_uri;
    ssl on;
    ssl_session_cache  builtin:1000  shared:SSL:10m;
    ssl_protocols  TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;   
    ssl_prefer_server_ciphers on;

    access_log    /var/log/nginx/example.access.log;    
    
    location / {

      proxy_set_header        Host www.example.com;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;

      # Fix the “It appears that your reverse proxy set up is broken" error.
      proxy_pass          http://localhost:PORT;
      proxy_read_timeout  90;

      proxy_redirect      http://localhost:PORT https://example.com;
    }
}

答案3

单个服务器定义就足够了:

upstream backend {
  server 127.0.0.1:8080; # replace with actual address and port
}

server {
  listen 80 default_server;
  listen 443 ssl http2 default_server;
  listen [::]:80 default_server;
  listen [::]:443 ssl http2 default_server;

  server_name *.domain.com domain.com;

  ssl_certificate /etc/letsencrypt/live/*.domain.com/fullchain.pem;
  ssl_certificate_key /etc/letsencrypt/live/*.domain.com/privkey.pem;

  location / {
    proxy_pass http://backend;
  }

  # rewrite to https
  if ($scheme = http) {
    rewrite ^ https://$server_name$request_uri? permanent;
  }
}

相关内容