htaccess 重写规则不适用于文件扩展名

htaccess 重写规则不适用于文件扩展名

我在服务器上的同一个文件夹中设置了两个域。

IE

dl.d123.com      @ /var/www/public_html/dl.domain123.com
dl.domain123.com @ /var/www/public_html/dl.domain123.com

我在 /var/www/public_html/domain123.com 中有一个 htaccess 文件,其中包含以下行:

RewriteEngine On
#Rewrite URLs to one SSL domain
RewriteCond %{HTTP_HOST} ^dl\.d123\.com [NC]
RewriteRule ^(.*)$ https://dl.domain123.com/$1 [L,R=301,NC]

此规则适用于任何不包含文件扩展名的 URL

dl.d123.com/folder1/folder2 redirects to dl.domain123.com/folder1/folder2

但不适用于任何包含文件扩展名的 URL

dl.d123.com/folder1/folder2/index.html stays the same.

不仅仅是 html 扩展名。例如 png 文件也是一样。

该服务器设置有 nginx 作为代理。 nginx:80/443 -> apache:8080/8443

编辑:(出于隐私/安全考虑,域名和 IP 已更改)Nginx 配置:80

server {
    listen 123.123.123.123:80;  
    server_name dl.domain123.org  www.dl.domain123.org;

    access_log /usr/local/apache/domlogs/dl.domain123.org.bytes bytes;
    access_log /usr/local/apache/domlogs/dl.domain123.org.log full;
    error_log /usr/local/apache/domlogs/dl.domain123.org.error.log error;

    location / {
        location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
            root /home/s4h/dl.domain123.org;                    
            expires max;
            try_files $uri $uri/ @backend;
        }
        
        error_page 405 = @backend;
        error_page 500 = @custom;
        add_header X-Cache "HIT from Backend";
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location @backend {
        internal;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location @custom {
        internal;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location ~ .*\.(php|jsp|cgi|pl|py)?$ {
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location ~ /\.ht    {deny all;}
    location ~ /\.svn/  {deny all;}
    location ~ /\.git/  {deny all;}
    location ~ /\.hg/   {deny all;}
    location ~ /\.bzr/  {deny all;}
    location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

    disable_symlinks if_not_owner from=/home/s4h/dl.domain123.org;

    location /.well-known/acme-challenge {
        default_type "text/plain";
        alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
    }

    location /.well-known/pki-validation {
        default_type "text/plain";
        alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
    }
}

Nginx 配置:443

server {
    listen 123.123.123.123:443 ssl ;
    server_name dl.domain123.org  www.dl.domain123.org;
    
    access_log /usr/local/apache/domlogs/dl.domain123.org.bytes bytes;
    access_log /usr/local/apache/domlogs/dl.domain123.org.log full;
    error_log /usr/local/apache/domlogs/dl.domain123.org.error.log error;

    ssl_certificate      /etc/pki/tls/certs/dl.domain123.org.bundle;
    ssl_certificate_key  /etc/pki/tls/private/dl.domain123.org.key;
    ssl_protocols TLSv1.2;
    ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
    ssl_prefer_server_ciphers   on;

    ssl_session_cache   shared:SSL:10m;
    ssl_session_timeout 60m;

    location / {
        location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
            root /home/s4h/dl.domain123.org;
            expires max;
            try_files $uri $uri/ @backend;
        }
        
        error_page 405 = @backend;
        error_page 500 = @custom;
        add_header X-Cache "HIT from Backend";
        add_header Strict-Transport-Security "max-age=31536000";
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location @backend {
        internal;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location @custom {
        internal;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location ~ .*\.(php|jsp|cgi|pl|py)?$ {
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location ~ /\.ht    {deny all;}
    location ~ /\.svn/  {deny all;}
    location ~ /\.git/  {deny all;}
    location ~ /\.hg/   {deny all;}
    location ~ /\.bzr/  {deny all;}
    location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

    disable_symlinks if_not_owner from=/home/s4h/dl.domain123.org;

    location /.well-known/acme-challenge {
        default_type "text/plain";
        alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
    }

    location /.well-known/pki-validation {
        default_type "text/plain";
        alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
    }
}

dl.d123.com Nginx,仅端口 80,未安装 SSL。

server {
    listen 123.123.123.123:80;  
    server_name dl.d123.com  www.dl.d123.com;

    access_log /usr/local/apache/domlogs/dl.d123.com.bytes bytes;
    access_log /usr/local/apache/domlogs/dl.d123.com.log full;
    error_log /usr/local/apache/domlogs/dl.d123.com.error.log error;

    location / {
        location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
            root /home/s4h/dl.domain123.com;                    
            expires max;
            try_files $uri $uri/ @backend;
        }
        
        error_page 405 = @backend;
        error_page 500 = @custom;
        add_header X-Cache "HIT from Backend";
        add_header X-XSS-Protection "1; mode=block" always;
        add_header X-Content-Type-Options "nosniff" always;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location @backend {
        internal;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location @custom {
        internal;
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location ~ .*\.(php|jsp|cgi|pl|py)?$ {
        proxy_pass http://123.123.123.123:8181;
        include proxy.inc;
    }

    location ~ /\.ht    {deny all;}
    location ~ /\.svn/  {deny all;}
    location ~ /\.git/  {deny all;}
    location ~ /\.hg/   {deny all;}
    location ~ /\.bzr/  {deny all;}
    location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

    disable_symlinks if_not_owner from=/home/s4h/dl.domain123.com;

    location /.well-known/acme-challenge {
        default_type "text/plain";
        alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
    }

    location /.well-known/pki-validation {
        default_type "text/plain";
        alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
    }
}

答案1

原因是 nginx 配置中的以下阻止:

location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
    root /home/s4h/dl.domain123.org;
    expires max;
    try_files $uri $uri/ @backend;
}

这告诉 nginx 直接使用所提及的扩展名提供文件。请注意,列表包含.html.png扩展名。

您应该在 nginx 内部执行重定向:

server {
    listen 123.123.123.123:80;  
    server_name dl.d123.com  www.dl.d123.com;

    access_log /usr/local/apache/domlogs/dl.d123.com.bytes bytes;
    access_log /usr/local/apache/domlogs/dl.d123.com.log full;
    error_log /usr/local/apache/domlogs/dl.d123.com.error.log error;

    location / {
        return 301 https://www.dl.domain123.org$request_uri;
    }
}

相关内容