我有一台nginx服务器在运行我的网站。出于安全原因,所有连接都被重定向到SSL。
但是,我正在拼命寻找如何从此重定向中排除一个位置。我已经尝试过重写,重定向,proxy_pass等,但它似乎没有用。
我不想(301或302)重定向我的网站,我只希望SSL是可选的。位置各种类型的文件(js,php,html)。
例如
server {
listen 80;
server_name example.com
root /var/www/example;
location /unsafe {
try_files $uri $uri/ /index.php;
}
location / {
rewrite ^ https://$server_name$request_uri? permanent;
}
# other rules...
}
server {
listen 443;
server_name example.com
root /var/www/example;
location / {
try_files $uri $uri/ /index.php;
}
# other rules...
}
不起作用。
我也尝试使用redirect或rewrite代替try_files,但没有运气。问题是,我不希望流量被重定向,重写或代理,我只希望nginx传递example.com/unsafe上的所有请求
我得到的只是一堆404和502。
我做错了什么?
干杯
答案 0 :(得分:1)
您应该为正常的http连接(在端口80上)和https SSL连接(在端口443上)提供单独的服务器块。
server {
listen 80;
server_name your-domain.com
root /var/www/;
location /unsafe {
try_files $uri $uri/ /index.php;
}
# your other rules...
}
server {
listen 443;
server_name your-domain.com
root /var/www/;
location / {
try_files $uri $uri/ /index.php;
}
# your other rules...
}
如果您希望站点上的所有文件使用https连接(SSL,端口443) EXCEPT / unsafe 目录中的那些文件,那么这就是您的服务器阻止的内容应该是这样的:
# This server block handles all requests on port 80 and serves only files inside
# the /unsafe directory. Everything else is redirected to an SSL connection on
# port 443.
server {
listen 80;
server_name your-domain.com
root /var/www/;
# only serve requests to files in the /unsafe directory
location /unsafe {
try_files $uri $uri/ =404;
}
# all other locations redirect to https connection
location / {
return 301 https://your-domain.com$request_uri;
}
# this location block proxies requests for PHP files to
# your fcgi php processor
location ~ /unsafe/.*\.php$ {
try_files $uri =404;
# your fcgi rules here...
}
# your other rules...
}
# This server block handles all SSL (port 443) connections.
server {
listen 443;
server_name your-domain.com
root /var/www/;
location / {
try_files $uri $uri/ =404;
}
# this location block proxies requests for PHP files to
# your fcgi php processor
location ~ \.php$ {
try_files $uri =404;
# your fcgi rules here...
}
# your other rules...
}