我希望流量转到https://example.com . 不允许使用 www 前缀,并且需要 SSL。
我们遇到的问题是许多(虽然不是全部)第一次访问者在点击刷新之前没有被重定向到 HTTPS。
你在我的配置中看到任何允许这种行为的东西吗?
server {
listen 80;
listen 443 ssl;
server_name www.example.com;
return 301 https://example.com$request_uri;
}
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /var/www/html/mm;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $http_host;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
client_max_body_size 200m;
location / {
try_files $uri $uri/ /index.php?$query_string;
index index.php index.html index.htm install.php;
client_max_body_size 200m;
}
location ~ \.php$ {
try_files $uri /index.php =404;
#fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_param PHP_VALUE "upload_max_filesize = 150M \n upload_max_filesize=151M";
fastcgi_param PHP_VALUE "post_max_size = 150M \n post_max_size=151M";
include fastcgi_params;
}
最佳答案
正如@PeeHaa 所提到的,对于 www.example.com,您缺少从 http 到 https 的重定向。在我重新排列服务器 block 的地方试试这个,以便将 HSTS header 添加到 www 服务器并解决潜在的安全配置错误,其中 http://www
被直接重定向到 https://(不是 www)
(根据 https://wiki.mozilla.org/Security/Guidelines/Web_Security#HTTP_Redirections ):
# HTTP server (non-www) -- redirect to https://example.com
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
# HTTP server (www) -- redirect to https://www.example.com
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
# HTTPS server (www) -- redirect to https://example.com -- Add HSTS header
server {
listen 443 ssl;
server_name www.example.com;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
return 301 https://example.com$request_uri;
}
# HTTPS server (non-www)
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /var/www/html/mm;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $http_host;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
client_max_body_size 200m;
location / {
try_files $uri $uri/ /index.php?$query_string;
index index.php index.html index.htm install.php;
client_max_body_size 200m;
}
location ~ \.php$ {
try_files $uri /index.php =404;
#fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_param PHP_VALUE "upload_max_filesize = 150M \n upload_max_filesize=151M";
fastcgi_param PHP_VALUE "post_max_size = 150M \n post_max_size=151M";
include fastcgi_params;
}
关于ssl - NGINX 重定向到 HTTPS 仅在刷新后有效,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/40245237/