在 nginx 中强制将 HTTP 重定向到 HTTPS(后端服务运行在特定端口)

在 nginx 中强制将 HTTP 重定向到 HTTPS(后端服务运行在特定端口)

我有一个运行在 9000 端口的服务,并使用 Let's Encrypt 配置了 SSL。我想将所有 HTTP 请求重定向到 HTTPS。

http://demo.mydomain.com -> https://demo.mydomain.com 
http://www.demo.mydomain.com -> https://demo.mydomain.com 
www.demo.mydomain.com -> https://demo.mydomain.com

这是我的配置

vi /etc/nginx/sites-available/default

# HTTPS virtual host: terminates TLS on port 443 and proxies every request to
# the service listening on 127.0.0.1:9000.
server {
        # Not used by the proxied location below; "location /" hands every
        # request to the upstream.
        root /var/www/html;

        # Only the bare name is listed here; www.demo.mydomain.com is not.
        server_name demo.mydomain.com;

        location / {
                # The hop to the backend is plain HTTP over the loopback interface.
                proxy_pass http://127.0.0.1:9000;
                # HTTP/1.1 plus the Upgrade/Connection headers below allow
                # WebSocket upgrade requests to pass through the proxy.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                # Sent on every proxied request, not only on upgrade requests.
                proxy_set_header Connection 'upgrade';
                # Preserve the Host header the client used.
                proxy_set_header Host $host;
                # Skip the proxy cache whenever the client sent an Upgrade header.
                proxy_cache_bypass $http_upgrade;
                # NOTE(review): no X-Forwarded-* headers are set here, so any
                # such header supplied by the client is passed through as-is;
                # confirm the backend does not rely on them.
        }


    # TLS listeners and certificate settings written by Certbot.
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/demo.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/demo.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}



# Plain-HTTP virtual host on port 80 (also the default server for that port):
# answers every request with a 301 redirect to HTTPS.
server {
    # Certbot-generated redirect, taken only when the Host header is exactly
    # demo.mydomain.com.
    if ($host = demo.mydomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

     # default_server: this block also receives port-80 requests whose Host
     # header matches no server_name.
     listen 80 default_server;
     listen [::]:80 default_server;

     server_name demo.mydomain.com;
     # Unconditional redirect; it makes the "if" above redundant.
     # NOTE(review): $host is taken from the client's request, and because this
     # is the default server any Host value is copied into the Location header.
     # A fixed name (https://demo.mydomain.com$request_uri) avoids that and also
     # sends www.demo.mydomain.com to the canonical host.
     return 301 https://$host$request_uri;
     #return 404; # managed by Certbot

}

# nginx -t

# systemctl reload nginx.service

# curl -I https://demo.mydomain.com -> 正常

# curl -I http://demo.mydomain.com -> 超时

我尝试过许多类似的解决方案,但都不起作用。如有任何线索,不胜感激。

答案1

这是我自己的低级错误:AWS 实例上没有开放 80 端口,所以 HTTP 请求会超时。不过,下面是我最终使用的有效配置,用于将 HTTP 强制重定向到 HTTPS,后端服务运行在另一个端口上。

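# HTTPS virtual host: terminates TLS on port 443 and proxies every request to
# the service listening on 127.0.0.1:9000.
server {
        # NOTE(review): both names are served with the certificate stored under
        # live/demo.mydomain.com; confirm that certificate also covers
        # www.demo.mydomain.com, otherwise browsers will reject the www name.
        server_name demo.mydomain.com www.demo.mydomain.com;

        location / {
                # The hop to the backend is plain HTTP over the loopback interface.
                proxy_pass http://127.0.0.1:9000;
                # HTTP/1.1 plus the Upgrade/Connection headers allow WebSocket
                # upgrade requests to pass through the proxy.
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                # Tell the backend who the client is and that the request
                # arrived over TLS. Setting these here overwrites any
                # X-Real-IP / X-Forwarded-Proto value sent by the client.
                # X-Forwarded-For is appended to, so only its last entry is
                # written by this proxy and can be trusted.
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;
                # Skip the proxy cache whenever the client sent an Upgrade header.
                proxy_cache_bypass $http_upgrade;
        }

    # Optional hardening, once HTTPS is confirmed to work for every name above:
    # HSTS makes returning browsers skip the plain-HTTP request entirely.
    # Start with a short max-age, because browsers cache the policy.
    # add_header Strict-Transport-Security "max-age=31536000" always;

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/demo.mydomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/demo.mydomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}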

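# Plain-HTTP virtual host on port 80: its only job is to send every request to
# the canonical HTTPS origin.
server {
    # default_server: this block also receives port-80 requests whose Host
    # header matches no server_name.
    listen 80 default_server;
    listen [::]:80 default_server;

    # List the www name as well, so http://www.demo.mydomain.com is an
    # explicitly handled name rather than a default-server fallback.
    server_name demo.mydomain.com www.demo.mydomain.com;

    # Redirect to a fixed host name instead of $host. The Certbot-generated
    # "if ($host = demo.mydomain.com)" block redirected only that exact name;
    # every other Host value (including www) fell through without a redirect
    # and was answered over plain HTTP. A fixed target also keeps a
    # client-supplied Host header out of the Location header.
    # If requests for unrelated host names should not reach the site at all,
    # move default_server to a separate catch-all server block instead.
    return 301 https://demo.mydomain.com$request_uri;
}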

另外,请确保服务器的防火墙规则放行 80 和 443 端口。后端的 9000 端口不需要对外开放,因为 nginx 是通过 127.0.0.1 转发请求的。干杯!
