我需要通过nginx创建一个http重定向。目标是:
http://subdomain.domain.tld/path - > https://subdomain.domain.tld/path http://subdomain.domain.tld:8090/path - > https://subdomain.domain.tld/path
这是我的nginx配置:
server {
listen 80;
listen 8090;
server_name subdomain.domain.tld;
return 301 https://$host$request_uri;
}
server {
listen 443;
server_name subdomain.domain.tld;
[...]
}
第一种情况正常。第二种情况在技术上,但不是在客户端浏览器。如果我通过cURL开始请求,一切看起来都很好:
curl -v "http://subdomain.domain.tld:8090/path"
* About to connect() to subdomain.domain.tld port 8090 (#0)
* Trying XX.XX.XX.XX...
* Adding handle: conn: 0x1c94010
* Adding handle: send: 0
* Adding handle: recv: 0
* Curl_addHandleToPipeline: length: 1
* - Conn 0 (0x1c94010) send_pipe: 1, recv_pipe: 0
* Connected to subdomain.domain.tld (89.15.246.188) port 8090 (#0)
> GET /oath HTTP/1.1
> User-Agent: curl/7.30.0
> Host: subdomain.domain.tld:8090
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
* Server nginx is not blacklisted
< Server: nginx
< Date: Wed, 08 Jun 2016 10:28:15 GMT
< Content-Type: text/html
< Content-Length: 178
< Connection: keep-alive
< Location: https://subdomain.domain.tld/path
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
但如果我在浏览器中打开网址http://subdomain.domain.tld:8090/path,我会收到网址https://subdomain.domain.tld:8090/path。浏览器切换到https但使用旧端口。
我使用Google Chrome,Firefox,Internet Explorer和Apple Safari进行了检查。结果是一样的,我不明白为什么?
答案 0 :(得分:2)
你有HSTS(Strict-Transport-Security标题)。因此浏览器完全符合此政策的要求:
https://tools.ietf.org/html/rfc6797#section-8.3
8.3.5 [...] UA 必须用“https”替换URI方案,如果URI包含一个不等于“的显式端口组件,则[...] 80“,端口组件值必须保留; ...