我已经设置了 www.myapp.io
,它连接到由 nginx 托管的 MEAN-stack 应用程序。它有效,现在,我想向它添加 SSL
。我关注了this link使用 let's encrypt
进行保护。
但是,在配置之后,https://www.myapp.io
无法正常工作:www.myapp.io 将您重定向了太多次。 ERR_TOO_MANY_REDIRECTS
。
下面是/etc/nginx/sites-enabled/myapp.io
,有谁知道哪里错了吗?
server {
listen 80;
server_name myapp.io www.myapp.io;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name myapp.io www.myapp.io;
ssl_certificate /etc/letsencrypt/live/myapp.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myapp.io/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:EC$
ssl_session_timeout 1d;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~ /.well-known {
allow all;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_set_header Proxy "";
proxy_pass https://127.0.0.1:3000;
}
}
(我没有放ssl_session_cache shared:SSL:50m;
,因为我已经有ssl_session_cache shared:SSL:10m;
在/etc/nginx/nginx.conf
.)
添加 ssl 之前的配置文件,有效:
server {
listen 80;
server_name myopp.io *.myopp.io;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_set_header Proxy "";
proxy_pass http://127.0.0.1:3000;
}
}
PS: 该站点是通过 cloudflare
管理的,目前 clouldflare
上的 SSL
设置是灵活
,不知道要不要改。
最佳答案
正如@dave_thompson_085 在他的评论中建议的那样,在 Cloudflare 中将 Flexible
更改为 Full
将使 https://www.myapp.io
可访问...
关于ssl - 设置让我们加密后网站重定向次数过多,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43356142/