0
我需要將* .lang.domain.com之類的URL重寫爲lang.domain.com,並且使用nginx重寫模塊成功完成了這一操作。我有通配證書* .domain.com,它不能保護4級域名,如test.lang.domain.com 主要問題是當用戶在瀏覽器中鍵入https://bla-bla.lang.domain.com
時,他們首先得到關於連接的通知是不安全的。然後他們需要點擊高級並繼續https://bla-bla.lang.domain.com(不安全)。之後,他們將被重定向到https://lang.domain.com。 所以我的問題是在nginx中建立https連接之前是否可以做重定向?還是可以在一些高層實現?在加密之前重寫https-URL
server {
listen 80 default;
server_name www.domain.com domain.com *.domain.com;
if ($host ~* "^.+\.(.+\.domain\.com)$") {
set "$domain" "$1";
rewrite ^(.*)$ https://$domain$uri permanent;
}
return 301 https://$host$request_uri;
}
server {
listen 443 default;
server_name www.domain.com domain.com *.domain.com;
if ($host ~* "^.+\.(.+\.domain\.com)$") {
set "$domain" "$1";
rewrite ^(.*)$ https://$domain$uri permanent;
}
ssl on;
ssl_certificate /etc/ssl/domain.com/domain.com.ca-bundle;
ssl_certificate_key /etc/ssl/domain.com/domain.com.key;
include "conf.d/ssl_settings.default";
include "conf.d/redirect.ssl.default";
include "conf.d/logger_front.default";
location/{
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HTTPS on;
proxy_pass https://somestream;
}
}