我的目标是像这样重定向我的网站:
http://EXAMPLE.com/至 https://EXAMPLE.com/ (工作)
http://www.EXAMPLE.com/至 https://EXAMPLE.com/ (不工作)。这个目前正在重定向到 https://www.EXAMPLE.com/ .
此外,即使我没有在下面的服务器部分定义 api.EXAMPLE.com,当我输入 URL 作为 http://api.EXAMPLE.com/ 时, 它被重定向到 https://api.EXAMPLE.com/ .我相信这与解析到相同 IP 地址的 DNS 记录有关。我宁愿它显示找不到页面而不是重定向。
DNS 记录:
Type Name Value TTL A @ 35.161.XX.XX 600 seconds A api 35.161.XX.XX 1 Hour A www 35.161.XX.XX 1 Hour
以及 Nginx 配置文件:
# For more information on configuration, see: # * Official English Documentation: http://nginx.org/en/docs/ # * Official Russian Documentation: http://nginx.org/ru/docs/ user nginx; worker_processes auto; error_log /var/log/nginx/error.log; pid /var/run/nginx.pid; # Load dynamic modules. See /usr/share/nginx/README.dynamic. include /usr/share/nginx/modules/*.conf; events { worker_connections 1024; } http { log_format main '$remote_addr - $remote_user [$time_local] "$request" ' '$status $body_bytes_sent "$http_referer" ' '"$http_user_agent" "$http_x_forwarded_for"'; access_log /var/log/nginx/access.log main; sendfile on; tcp_nopush on; tcp_nodelay on; #keepalive_timeout 65; keepalive_timeout 15; types_hash_max_size 2048; # Enable HTTPS by default on all our websites #add_header Strict-Transport-Security "max-age=63072000; includeSubDomains"; #php max upload limit cannot be larger than this client_max_body_size 40m; include /etc/nginx/mime.types; default_type application/octet-stream; # Load modular configuration files from the /etc/nginx/conf.d directory. # See http://nginx.org/en/docs/ngx_core_module.html#include # for more information. include /etc/nginx/conf.d/*.conf; index index.php index.html index.htm; # Upstream to abstract backend connection(s) for PHP. upstream php { #this should match value of "listen" directive in php-fpm pool server unix:/tmp/php-fpm.sock; #server 127.0.0.1:9000; } # Redirect unsecured port 80 traffic (http://) to port 443 (https://) server { listen 80 default_server; listen [::]:80 default_server; server_name EXAMPLE.com www.EXAMPLE.com; #return 301 $scheme://EXAMPLE.com$request_uri; #return 301 https://$host$request_uri; return 301 https://EXAMPLE.com$request_uri; } #server { # listen 80 default_server; # listen [::]:80 default_server; #server_name localhost; # server_name EXAMPLE.com; #root /usr/share/nginx/html; # root /var/www/nginx; # Load configuration files for the default server block. # include /etc/nginx/default.d/*.conf; # proxy the PHP scripts to Apache listening on 127.0.0.1:80 # #location ~ \.php$ { # proxy_pass http://127.0.0.1; #} #} # Settings for a TLS enabled server. server { listen 443 ssl http2 default_server; listen [::]:443 ssl http2 default_server; server_name EXAMPLE.com; root /var/www/nginx; #For Basic Auth auth_basic "Restricted"; auth_basic_user_file /var/www/nginx/.htpasswd; #ssl_certificate "/etc/pki/tls/certs/EXAMPLE.crt"; #ssl_certificate_key "/etc/pki/tls/private/EXAMPLE.key"; ssl_certificate "/etc/letsencrypt/live/EXAMPLE.com/cert.pem"; ssl_certificate_key "/etc/letsencrypt/live/EXAMPLE.com/privkey.pem"; # It is *strongly* recommended to generate unique DH parameters # Generate them with: openssl dhparam -out /etc/pki/nginx/dhparams.pem 2048 #ssl_dhparam "/etc/pki/nginx/dhparams.pem"; ssl_dhparam "/etc/pki/tls/dhparams.pem"; ssl_session_cache shared:SSL:1m; ssl_session_timeout 10m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP; ssl_prefer_server_ciphers on; # Load configuration files for the default server block. include /etc/nginx/default.d/*.conf; } }
最佳答案
根据 Richard 的指导,以下是我如何删除 HTTP Strict Transport Security history from Chrome :
- 在“查询域”部分,我输入了我的域和子域:example.com、www.example.com、db.example.com、api.example.com,看看它们是否在列表中。
- 然后我将找到的那些输入到“删除域”部分,然后按“删除”。
- 我输入了 http://www.example.com进入浏览器的位置字段并按 Enter。它重定向到 https://example.com .
- 我也试过http://db.example.com和 http://api.example.com并且都被重定向到 https://example.com . 我很好奇为什么这些被重定向,因为我在 nginx.conf 中没有它们的服务器部分。是因为它解析到相同的 IP 吗?
- 最后,我尝试了 http://what.example.com并收到“无法访问此页面”错误;这是对的。
chrome://net-internals/#hsts
关于http - Nginx 将 HTTP 重定向到 HTTPS 部分工作,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/44363858/