我已让 HTTPS 为 Lighttpd 的本地实例运行。
但我想重定向:
http://192.168.1.254 -> https://192.168.1.254:123
https://192.168.1.254 -> https://192.168.1.254:123
我的配置如下。
我得到的 ATM 是https://192.168.1.254/:4430它显示“此站点无法提供 HTTP 和 HTTPS 的安全连接”,我猜测 254 后面的额外 / 是原因,但我似乎无法弄清楚。
server.modules += (
"mod_openssl",
"mod_alias"
)
setenv.add-environment = ("fqdn" => "true")
$SERVER["socket"] == ":4430" {
ssl.engine = "enable"
ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
ssl.honor-cipher-order = "enable"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
ssl.use-sslv2 = "disable"
ssl.use-sslv3 = "disable"
}
# Redirect HTTP to HTTPS 4430
$HTTP["scheme"] == "http" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://192.168.1.254:4430")
}
}
# Redirect HTTPS to HTTPS 4430
$SERVER["socket"] == ":443" {
$HTTP["host"] =~ ".*" {
url.redirect = (".*" => "https://192.168.1.254:4430")
}
}
答案1
我不明白为什么要重定向到 4430 而不是 443,因为那样更直接、更典型,但这里有一个配置供您使用:
server.modules += (
"mod_openssl",
"mod_redirect",
)
setenv.add-environment = ("fqdn" => "true")
ssl.pemfile = "/etc/lighttpd/ssl/combined.pem"
ssl.cipher-list = "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"
$SERVER["socket"] == ":4430" {
ssl.engine = "enable"
}
# Redirect HTTPS to HTTPS 4430
else $SERVER["socket"] == ":443" {
ssl.engine = "enable"
url.redirect = ("" => "https://192.168.1.254:4430${url.path}${qsa}")
}
# Redirect HTTP to HTTPS 4430
else $HTTP["scheme"] == "http" {
url.redirect = ("" => "https://192.168.1.254:4430${url.path}${qsa}")
}