文件以 HTTP 而不是 HTTPS 形式提供

文件以 HTTP 而不是 HTTPS 形式提供

我刚刚设置了一个 nginx 服务器和 letsencrypt,我认为对我的配置所做的某些更改certbot弄乱了一切。

我希望我的网站默认使用 HTTPS,并使用 HTTPS 提供所有文件,以避免混合内容错误,例如:

Mixed Content: The page at 'https://example.org/login' was loaded over HTTPS, but requested an insecure stylesheet 'http://example.org/css/auth.css?v=1'. This request has been blocked; the content must be served over HTTPS.

这是我的 Nginx 配置 - 我对添加 SSL 证书后看到的重复程度感到担忧,但经验不足,不知道这是否会导致任何问题。我已将我的域名替换为“example.org”。

server {

    listen 80;
    listen 443 default_server ssl;
    listen [::]:443 ssl ipv6only=on;

    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    server_name example.org;
    charset   utf-8;

    root /home/www/example.org/public;
    index index.php index.html index.htm;

    gzip on;
        gzip_vary on;
        gzip_disable "msie6";
        gzip_comp_level 6;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        gzip_types
            text/plain
            text/css
            text/js
            text/xml
            text/javascript
            application/javascript
            application/x-javascript
            application/json
            application/xml
            application/xml+rss;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
        autoindex on;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|svg|woff|woff2|ttf) {
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    location ~* \.(?:css|js) {
        expires 7d;
        access_log off;
        add_header Cache-Control "public";
    }

    location ~ /\.ht {
        deny all;
    }
}

server {

    root /home/www/example.org/public;
    index index.php index.html index.htm;
    server_name example.org www.example.org; # managed by Certbot
    charset   utf-8;

    gzip on;
        gzip_vary on;
        gzip_disable "msie6";
        gzip_comp_level 6;
        gzip_min_length 1100;
        gzip_buffers 16 8k;
        gzip_proxied any;
        gzip_types
            text/plain
            text/css
            text/js
            text/xml
            text/javascript
            application/javascript
            application/x-javascript
            application/json
            application/xml
            application/xml+rss;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|svg|woff|woff2|ttf) {
        expires 1M;
        access_log off;
        add_header Cache-Control "public";
    }

    location ~* \.(?:css|js) {
        expires 7d;
        access_log off;
        add_header Cache-Control "public";
    }

    location ~ /\.ht {
        deny all;
    }
}

server {
    if ($host = www.example.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = example.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80  ;
    server_name example.org www.example.org;
    return 404; # managed by Certbot

}

答案1

我自己想不出一个优雅的解决方案。“肮脏的解决方案”是在域上启用 cloudflare,然后设置Always Use HTTPS: ONAutomatic HTTPS Rewrites: ON

答案2

你为什么不尝试改变这一点

if ($host = example.org) {
    return 301 https://$host$request_uri;

对此

if ($scheme = http) {
    return 301 https://example.org$request_uri;

也改变其他重定向

相关内容