我在 DigitalOcean 上有一个正在运行的 droplet Ubuntu 16.04,我开始与我的一个朋友分享它。他已经在 droplet 上运行了一个网页,nginx今天我也开始在上面设置我的 Wordpress 网站。
我成功地使用自己的域名运行了我的网站,并info.php在其上放置了一个虚拟文件来测试它是否有效。我在 中单独设置了我的网站/etc/nginx/sites-available/。
现在我想使用为我的网站设置 SSL 加密certbot。我成功安装了certbot插件nginx。我现在面临的问题是,当我尝试访问我的网站时,https://example.com/info.php我http://example.com/info.php收到ERR_TOO_MANY_REDIRECTS错误。所以我转到我的网站的配置文件,如下所示:
server {
root /var/www/example.com/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name example.com www.example.com;
location = /favicon.ico { log_not_found off; access_log off; }
location = /robots.txt { log_not_found off; access_log off; allow all; }
location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
expires max;
log_not_found off;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location / {
#try_files $uri $uri/ =404;
try_files $uri $uri/ /index.php$is_args$args;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name example.com www.example.com;
return 404; # managed by Certbot
}
并对整个最后一个server块进行了注释。现在我没有收到错误,但现在当我转到https://example.com/info.php或http://example.com/info.php重定向到我朋友网站的 HTTPS 版本时,会显示https://myfriendsite.com!
这是我的朋友网站的配置文件:
upstream mysite_development {
server unix:/webapps/Backend/mysite/run/gunicorn.sock
fail_timeout=0;
}
server {
listen 80;
server_name *.myfriendsite.com;
return 301 https://myfriendsite.com$request_uri;
# rewrite ^/(.*) https://myfriendsite.com/$1 permanent;
}
server {
listen 443 ssl;
server_name myfriendsite.com;
client_max_body_size 4G;
ssl on;
ssl_certificate /webapps/Backend/certificates/cert_chain.crt;
ssl_certificate_key /webapps/Backend/certificates/myfriendsite.com.key;
access_log /webapps/Backend/logs/nginx-access.log;
error_log /webapps/Backend/logs/nginx-error.log;
location /static/ {
alias /webapps/Backend/mysite/static/;
}
location /media/price_list/ {
internal;
alias /webapps/Backend/mysite/media/price_list/;
}
location /media/electronic_bill/ {
internal;
types { application/octet-stream .pdf; }
default_type application/octet-stream;
alias /webapps/Backend/mysite/media/electronic_bill/;
}
location /media/ {
alias /webapps/Backend/mysite/media/;
}
location /assets/ {
alias /webapps/Backend/mysite/static/assets/;
}
location / {
proxy_set_header X-Forwarded-Proto $scheme;
try_files $uri @proxy_to_app;
}
location @proxy_to_app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_redirect off;
proxy_pass http://mysite_development;
}
}
server {
listen 443 ssl;
server_name *.myfriendsite.com;
return 301 https://myfriendsite.com$request_uri;
}
如果我从我的网站删除 SSL,它就会开始按预期工作,但只要我为我的网站启用 SSL,它就会重定向到我朋友的网站!我真的找不到导致重定向的原因。
编辑:如果它很重要,我会使用 Cloudflare 作为我的 DNS 服务器。我的朋友正在使用 DigitalOcean 提供的 DNS 服务器。
答案1
好吧,这不是 的问题nginx,问题与 Cloudflare Flexible SSL 有关。我通过在 Cloudflare 仪表板中将SSL 模式从 更改Flexible为 来解决这个问题。Strict
您可以阅读更多有关此内容的内容这里。