Firefox重定向Nginx重写

时间:2013-10-26 08:33:49

标签: firefox ssl nginx

Firefox是我唯一遇到问题的浏览器。我发现了类似的问题,但似乎没有解决办法。

当我访问http://example.com时,nginx会将其重写为http://www.example.com。 我之所以这样做,是因为该网站在整个网站范围内使用了ssl,现在使用子域名保留在初始服务器上,因此https://subdomain.example.com也是如此。搜索引擎,旧书签和其他旧链接试图将用户带到https://example.com

在所有浏览器中,除了firefox之外,它就像魅力一样。

问题: Firefox接受http://example.com的用户请求,并将其转发至https://subdomain.example.com

然后从搜索https://example.com的搜索引擎链接中,引发了SSL错误,因为它正在尝试读取subomain.example。

我很困惑,现在早上430点了。有人在这里有任何线索吗?

这是我的nginx conf:

    upstream thin_server {
    server 0.0.0.0:8080 fail_timeout=0;
    }

server {
listen   80 default;
listen 443 ssl;
ssl off;
root /home/example/public;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/ssl/www.example.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
index index.htm index.html;

if ($host = 'example.com') {
    rewrite  ^/(.*)$  http://www.example.com/$1;
}

location / {
    try_files $uri/index.html $uri.html $uri @app;
}

location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|avi)$ {
        try_files $uri @app;
    }

 location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://thin_server;
}

error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}

更新几天后开始随机工作

1 个答案:

答案 0 :(得分:1)

我有一个类似的问题,Chrome工作正常,IE和Firefox没有使用http到https重定向。 我正在寻找一天,建立各种配置,但没有任何帮助。

偶然我检查了我的防火墙(ufw状态)并意识到端口80没有打开,只有443 在允许端口80之后它起作用了。

这是我的nginx配置工作(我知道它没有优化)

# Redirect http to https
server {
    listen 80 default_server;
    listen [::]:80 default_server; 
    server_name domain.tl www.domain.tl *.domain.tl;    
    return 301 https://www.domain.tl$request_uri;
}

#HTTPS config for SSL with certificate
server {
    listen 443 ssl;
    listen [::]:443 ssl;    
    server_name www.domain.tl www.domain.tl;  

#Limited Cipers to avoid MD5 etc attacks 
   ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;

#Limit to TLSv1.2 for security 
    ssl_protocols TLSv1.2;

#Chained certificate to make sure the intermediate is in
    ssl_certificate /etc/nginx/ssl/certificate.chain.crt;
    ssl_certificate_key /etc/nginx/ssl/certificat_key.key;

#PHP, Wordpress etc config
    root /var/www/html;
    index index.php index.html index.htm;

    # unless the request is for a valid file, send to bootstrap

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        #try_files $uri $uri/ =404;
        #Rewrite rule fuer Wordpress
    try_files $uri $uri/ /index.php?$args;
    }

# PHP7 specific
    location ~ \.php$ {
        try_files $uri =404;
        #fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm:
        #fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # OLD CONFIG for php5
    # location ~ \.php$ {
    #    try_files $uri =404;
    #    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #    fastcgi_pass unix:/var/run/php5-fpm.sock;
    #    fastcgi_index index.php;
    #    include fastcgi_params;
    #}
}
相关问题
最新问题