1. 首頁
  2. 問答
  3. 將http請求重定向到https在nginx服務器上

將http請求重定向到https在nginx服務器上

2017-08-27 196 views
0

我正在使用ubuntu 14.04和nginx在數字海洋服務器上運行應用程序。我的應用程序通過gunicorn運行。我想直接將http請求重定向到https。 我試圖將http請求重定向到https在nginx服務器上

server { 
    # Running port 
    listen 80; 
    server_name example.com www.example.com; 

    return 301 https://$host$request_uri;

和它的作品在Safari。但它不適用於Chrome或Firefox?任何想法我做錯了什麼? 我在下面附

worker_processes 1; 

events { 
    worker_connections 1024; 
} 

http { 
    include /etc/nginx/mime.types; 

    sendfile on; 

    gzip    on; 
    gzip_http_version 1.1; 
    gzip_comp_level 5; 
    gzip_proxied  any; 
    gzip_min_length 256; 
    gzip_vary   on; 

    # Configuration containing list of application servers 
    upstream app_servers { 
     server 127.0.0.1:8080; 
    } 

    # Configuration for Nginx 
    server { 
     # Running port 
     listen 80; 
     server_name example.com www.example.com; 

     return 301 https://$host$request_uri; 

     # Settings to serve static files 
     location /static/ { 

      # Example: 
      # root /full/path/to/application/static/file/dir; 
      root /var/www/example/app/; 

      location ~* \.(jpg|woff|jpeg|png|gif|ico|css)$ { 
       expires 30d; 
      } 

      location ~* \.(js)$ { 
       expires 1d; 
      } 

      # we do not cache html, xml or json 
      location ~* \.(?:manifest|appcache|html?|xml|json)$ { 
       expires -1; 
       # access_log logs/static.log; # I don't usually include a static log 
      } 

      location ~* \.(pdf)$ { 
       expires 30d; 
      } 
     } 

     # Serve a static file (ex. favico) 
     # outside /static directory 
     location = /favico.ico { 

      root /app/favico.ico; 
      gzip_static on; 
     } 
    } 

    server { 
     listen 443 ssl; # managed by Certbot 
     ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot 
     ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot 
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot 

     ssl_dhparam /etc/ssl/certs/dhparam.pem; 

     # Proxy connections to the application servers 
     # app_servers 
     location/{ 
      proxy_connect_timeout 300s; 
      proxy_read_timeout 300s; 
      proxy_pass   http://app_servers; 
      proxy_redirect  off; 
      # proxy_redirect http:// https://; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $server_name; 
     } 
    } 
}

來源

2017-08-27 carl

回答

0

整個nginx.conf文件中的所有你不應該擔任什麼HTTP第一。一切都應該是HTTPS,甚至favico.ico

worker_processes 1; 

events { 
    worker_connections 1024; 
} 

http { 
    include /etc/nginx/mime.types; 

    sendfile on; 

    gzip    on; 
    gzip_http_version 1.1; 
    gzip_comp_level 5; 
    gzip_proxied  any; 
    gzip_min_length 256; 
    gzip_vary   on; 

    # Configuration containing list of application servers 
    upstream app_servers { 
     server 127.0.0.1:8080; 
    } 

    # Configuration for Nginx 
    server { 
     # Running port 
     listen 80; 
     server_name example.com www.example.com; 

     return 301 https://$host$request_uri; 

    } 

    server { 
     listen 443 ssl; # managed by Certbot 
     ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot 
     ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot 
     include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot 

     ssl_dhparam /etc/ssl/certs/dhparam.pem; 

     # Settings to serve static files 
     location /static/ { 

      # Example: 
      # root /full/path/to/application/static/file/dir; 
      root /var/www/example/app/; 

      location ~* \.(jpg|woff|jpeg|png|gif|ico|css)$ { 
       expires 30d; 
      } 

      location ~* \.(js)$ { 
       expires 1d; 
      } 

      # we do not cache html, xml or json 
      location ~* \.(?:manifest|appcache|html?|xml|json)$ { 
       expires -1; 
       # access_log logs/static.log; # I don't usually include a static log 
      } 

      location ~* \.(pdf)$ { 
       expires 30d; 
      } 
     } 

     # Serve a static file (ex. favico) 
     # outside /static directory 
     location = /favico.ico { 

      root /app/favico.ico; 
      gzip_static on; 
     } 

     # Proxy connections to the application servers 
     # app_servers 
     location/{ 
      proxy_connect_timeout 300s; 
      proxy_read_timeout 300s; 
      proxy_pass   http://app_servers; 
      proxy_redirect  off; 
      # proxy_redirect http:// https://; 
      proxy_set_header Host $host; 
      proxy_set_header X-Real-IP $remote_addr; 
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
      proxy_set_header X-Forwarded-Host $server_name; 
     } 
    } 
}

下,當你在Chrome或其他瀏覽器中測試,確保開一個私人或隱身窗口。

來源

2017-08-27 05:08:26

+0

好吧,所以你建議把靜態的東西放在listen 443 ssl語句下面......我試過了,但它仍然沒有做到我想要的。它服務於http和https,但我總想重定向到https ... – carl

+0

請加入此討論室https://chat.stackoverflow.com/rooms/152957/edirect-http-request-to-https-on-nginx -服務器 –

相關問題

 相關問題