我正在尝试在 Ubuntu 16.04 上使用 Let's Encrypt 保护 Nginx。
example.conf 文件前获取 SSL 证书
server {
server_name example.com www.example.com ;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/backup/mycode/public;
# Turn on Passenger
passenger_enabled on;
rails_env development;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.6/wrappers/ruby;
}
http://example.com/是工作正常。
我尝试通过以下方式获取 SSL 证书
sudo certbot --nginx -d example.com -d www.example.com
结果是
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://example.com and
https://www.example.com
example.conf 文件后获取 SSL 证书
server {
server_name example.com www.example.com ;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/backup/example.com/public;
# Turn on Passenger
passenger_enabled on;
rails_env development;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.6/wrappers/ruby;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com www.example.com ;
listen 80;
return 404; # managed by Certbot
}
http://example.com/正在重定向至 https://example.com/太多次
example.com redirected you too many times.
ERR_TOO_MANY_REDIRECTS
为什么重定向次数太多?
第二个服务器块的用途是什么?
server { if ($host = www.example.com) { return 301 https://$host$request_uri; } # managed by Certbot if ($host = example.com) { return 301 https://$host$request_uri; } # managed by Certbot server_name example.com www.example.com ; listen 80; return 404; # managed by Certbot }如何将所有重定向至https://www.example.com/?
编辑1
将 certibot 托管代码移至第二个服务器块已停止过多重定向问题。但我的网站又回到了HTTP而不是 https。
server {
server_name example.com www.example.com ;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/backup/example.com/public;
# Turn on Passenger
passenger_enabled on;
rails_env development;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.6/wrappers/ruby;
}
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com www.example.com ;
listen 80;
return 404; # managed by Certbot
}
答案1
第二个服务器块的用途是什么?
监听 HTTP 并将 HTTP 请求重定向到 HTTPS。
为什么重定向次数太多?
不应该,除非网站本身不喜欢使用 HTTPS 进行调用,因此再次执行了一些重定向。Nginx 配置似乎没有问题。
How to make all redirects to https://www.example.com/?
改变
if ($host = example.com) {
return 301 https://$host$request_uri;
}
到
if ($host = example.com) {
return 301 https://www.$host$request_uri;
}
您还可以添加另一个重定向https://example.com到https://www.example.com(在第一个服务器块中,监听 HTTPS);这将负责重定向开头不带“www.”的 HTTPS 请求。
答案2
1. 为什么重定向次数太多?
您的应用程序不知道请求是否通过 SSL 传入,将以下行添加到您的服务器块应该可以解决这个问题:
passenger_set_header X-Forwarded-Proto $scheme;