当我尝试重定向非 https 时,我总是收到太多重定向错误。阅读了很多其他问题,但我找不到我做错的地方。
有没有办法记录重定向来调试这个问题?
server {
listen 80;
listen [::]:80;
server_name example.com *.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name *.example.com;
return 301 $scheme://example.com$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
include /etc/nginx/include.d/ssl-example.conf;
root /var/www/example/public;
}
与此相比,我不确定我错过了什么:https://serverfault.com/a/821888/86582
网络状态监测
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 30386/master
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 12585/nginx -g daem
tcp 0 0 0.0.0.0:2589 0.0.0.0:* LISTEN 26976/sshd
tcp 0 0 127.0.0.1:3306 0.0.0.0:* LISTEN 4892/mysqld
tcp 0 0 127.0.0.1:11211 0.0.0.0:* LISTEN 16417/memcached
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 12585/nginx -g daem
tcp6 0 0 ::1:25 :::* LISTEN 30386/master
tcp6 0 0 :::443 :::* LISTEN 12585/nginx -g daem
tcp6 0 0 :::2589 :::* LISTEN 26976/sshd
tcp6 0 0 :::80 :::* LISTEN 12585/nginx -g daem
udp 0 0 213.138.111.4:123 0.0.0.0:* 5945/ntpd
udp 0 0 127.0.0.1:123 0.0.0.0:* 5945/ntpd
udp 0 0 0.0.0.0:123 0.0.0.0:* 5945/ntpd
udp6 0 0 fe80::fcff:ff:fe00::123 :::* 5945/ntpd
udp6 0 0 2001:41c8:51:604::4:123 :::* 5945/ntpd
udp6 0 0 ::1:123 :::* 5945/ntpd
udp6 0 0 :::123 :::* 5945/ntpd
更新:抱歉,我现在发现,如果我删除重定向并尝试在以下位置运行基本 https 服务器https://example.com/它不会识别该服务器块并显示默认服务器块。
如果我取消注释 listen 80,它会读取此块。有什么想法我可能做错了吗?
server {
#listen 80;
#listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
ssl on;
ssl_certificate /etc/nginx/ssl/example/cert.pem;
ssl_certificate_key /etc/nginx/ssl/example/key.pem;
ssl_trusted_certificate /etc/nginx/ssl/sf_bundle-g2-g1.crt;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
root /var/www/example/public;
access_log /var/log/nginx/example.access.log;
error_log /var/log/nginx/example.error.log;
location ~ \.php$ {
fastcgi_param PHP_VALUE open_basedir="/var/www/example/public/:/tmp/:/tmp/:/usr/share/";
include /etc/nginx/include.d/php.conf;
}
location / {
try_files $uri $uri/ /index.php$is_args$args;
}
}
卷曲输出:
$ curl -I -L http://example.com
HTTP/1.1 200 OK
Date: Thu, 29 Nov 2018 16:18:37 GMT
Content-Type: text/html; charset=UTF-8
Connection: keep-alive
Set-Cookie: __cfduid=da26b551f0feb6bc34fb453d0596a312c1543508317; expires=Fri, 29-Nov-19 16:18:37 GMT; path=/; domain=.example.com; HttpOnly
Vary: Accept-Encoding
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Server: cloudflare
CF-RAY: 4816642ae74d641b-FRA
$ curl -I -L https://example.com
HTTP/2 200
date: Thu, 29 Nov 2018 16:18:44 GMT
content-type: text/html; charset=UTF-8
set-cookie: __cfduid=d2caa15ab5204aadd1e0ca0279f0d79b21543508324; expires=Fri, 29-Nov-19 16:18:44 GMT; path=/; domain=.example.com; HttpOnly
vary: Accept-Encoding
strict-transport-security: max-age=63072000; includeSubdomains
x-frame-options: DENY
x-content-type-options: nosniff
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
server: cloudflare
cf-ray: 48166452efc1641b-FRA
答案1
您更新的问题显示为标题的一部分:
Server: cloudflare
一个相当典型的问题是,您将网站的纯 http 和 https 版本从 CDN CloudFlare 转发到仅 http 的后端。即使客户端使用 https,它也只会在浏览器和 cloudflare 之间进行。
当您在服务器上尝试强制执行永远不会发生的 https 时。
您应该更改您的 cloudflare 设置以转到后端服务器上的 https 站点,并从 cloudflare 重定向到 https。