添加 ssl 后,nginx 出现“ERR_TOO_MANY_REDIRECTS”

tag-icon tag-icon nginx ssl redirect lets-encrypt certbot
添加 ssl 后,nginx 出现“ERR_TOO_MANY_REDIRECTS”

我添加后让我们加密证书到我的网站CertBotERR_TOO_MANY_REDIRECTS当我尝试访问我的网站的域名时, 我得到了。

一些信息:

-mywebsite 使用 django、nginx 和 gunicorn 构建。

server {
server_name www.example.com example.com;

location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
    root /home/myproject;
}

location / {
    include proxy_params;
    proxy_pass http://unix:/run/gunicorn.sock;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


if ($host = example.com) {
    return 301 https://$host$request_uri;
} # managed by Certbot

listen 80;
server_name www.example.com example.com;
return 404; # managed by Certbot

}

/etc/letsencrypt/options-ssl-nginx.conf:

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RS$

如果您需要任何其他代码/信息,请告诉我,谢谢

笔记 :我已经阅读了所有有同样问题的问题,但我仍然不知道问题出在哪里

答案1

这是因为您将所有连接重定向到 https,甚至是 https 连接,这意味着您创建了一个重定向循环。

将您的配置更改为

server {
    listen 80 default_server;
    server_name www.example.com example.com;

    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl default_server;
    server_name www.example.com example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    location /favicon.ico { 
        access_log off; 
        log_not_found off; 
    }
    location /static/ {
        root /home/myproject;
    }

    location / {
        include proxy_params;
        proxy_pass http://unix:/run/gunicorn.sock;
    }
}

不过,了解 /etc/letsencrypt/options-ssl-nginx.conf 包含什么内容会很好。

解释:

基本上,您需要两个“服务器”部分,一个用于端口 80,一个用于端口 443。端口 80(http)部分仅包含重定向,而 443 部分包含您站点的实际设置(位置、根等)和 SSL 设置(证书、支持的协议、密码等)。

因此,当客户端通过 http 连接时,服务器会告诉他转到 https,然后 https 部分会处理那里的所有事情。

在配置中使用缩进也是一个好主意,以提高可读性和更容易修复错误。

注意:我发布的配置仅修复了您的重定向问题,我不知道您的实际配置是否适合您的情况(gunicorn 等)。通常,您还应该为您的服务器定义一个索引和一个根,如下所示:

root /home/website/mywebsite/public;
index index.html index.htm index.php;

答案2

如果有人正在使用 CloudFlare 并遇到同样的问题。

这修复了它:https://stackoverflow.com/a/60789055/3858492

就我而言,是 Cloudflare。我不得不改用全 SSL 加密

相关内容