Question

我最近买了一个我想试用的SSL证书。我还第一次创建了一个VPS服务器，经过多次挣扎和愤怒的管理后，我成功地在Ubuntu 14.04上安装了LEMP和NGINX，并且还安装了SSL证书。我的网站是wknet.se。

现在，我想重写网址：

----------------------------------------------------------------
|             From                 |              To           |
----------------------------------------------------------------
|   http://wknet.se                |   https://www.wknet.se    |
|   http://wknet.se/index.php      |   https://www.wknet.se    |
|   http://www.wknet.se/index.php  |   https://www.wknet.se    |
|   wknet.se                       |   https://www.wknet.se    |
|   wknet.se/index.php             |   https://www.wknet.se    |
|   www.wknet.se/index.php         |   https://www.wknet.se    |
|   https://wknet.se               |   https://www.wknet.se    |
|   https://wknet.se/index.php     |   https://www.wknet.se    |
----------------------------------------------------------------

经过多次试验和错误以及几次毁灭性的工作后，我只剩下2次重写：

----------------------------------------------------------------
|             From                 |              To           |
----------------------------------------------------------------
|   https://wknet.se               |   https://www.wknet.se    |
|   https://wknet.se/index.php     |   https://www.wknet.se    |
----------------------------------------------------------------

现在，我不知道如何修复它们！我用谷歌搜索和谷歌搜索了NGINX的几个好的重写规则，但我还没想到它。

这是我第一次在NGINX上处理SSL，重写规则等。

现在，这就是wknet.se的服务器设置：

server {
   listen 80 default_server;
   listen [::]:80 default_server ipv6only=on;

   add_header Strict-Transport-Security max-age=15768000;
   return 301 https://www.wknet.se$request_uri; 
}
server {
   listen 443 ssl;
   server_name www.wknet.se;

   root /var/www/wknet.se/html;
   index index.php index.html index.htm;

   ssl_certificate /etc/nginx/ssl/SSL.CRT;
   ssl_certificate_key /etc/nginx/ssl/KEY.KEY;

   ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
   ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;
   ssl_prefer_server_ciphers on;

   error_page 404 /404.html;
   error_page 500 502 503 504 /50x.html;

   location / {
      try_files $uri $uri/ =404;
   }

   location = /50x.html {
      root /usr/share/nginx/html;
   }

   location ~ \.php$ {
      try_files $uri =404;
      fastcgi_split_path_info ^(.+\.php)(/.+)$;
      fastcgi_pass unix:/var/run/php5-fpm.sock;
      fastcgi_index index.php;
      include fastcgi_params;
   }
   location = /index {
      rewrite ^/index\.(php)$ https://www.wknet.se/ permanent;
   }

   location ~ /\.ht {
      deny all;
   }

   location = /favicon.ico {
      log_not_found off;
      access_log off;
   }

   location = /robots.txt {
      allow all;
      log_not_found off;
      access_log off;
   }

   location ~ /\. { 
      deny all; 
      error_log off; 
      log_not_found off; 
   }

   location ~* .(jpg|jpeg|png|gif|ico|css|js)$ {
      log_not_found off;
      expires 365d;
   }

   location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|png|gif|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
      access_log off;
      log_not_found off;
      expires max;
      add_header Pragma public;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
   }

   location ~* \.(7z|ai|class|css|csv|ejs|eps|flv|html?|jar|jpe?g|js|json|lzh|m4a|m4v|mov|mp3|pdf|pict|pls|ps|psd|swf|tiff?|txt|webp)$ {
      access_log off; 
      log_not_found off;
      expires max;
      add_header Pragma public;
      add_header Cache-Control "public, must-revalidate, proxy-revalidate";
   }
}

如果有人能帮助我，我真的很开心！此外，如果有人在我的服务器设置上有提示进行一些改进，它也会有所帮助，因为我不知道我是否已经正确地完成了它！

谢谢！

Answer 1

要从 example.com 重定向到 www.example.com ，您只需创建一个单独的服务器块并相应地设置 server_name 。在您的设置中，您可以这样做：

server {
    listen 443 ssl;
    server_name wknet.se;

    ssl_certificate /etc/nginx/ssl/SSL.CRT;
    ssl_certificate_key /etc/nginx/ssl/KEY.KEY;

    # OBSOLETE:
    # ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
    # ssl_ciphers ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM;

    # Use currently secure protocols
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4';

    ssl_prefer_server_ciphers on;

    return 301 https://www.wknet.se$request_uri;
}

以上内容会将所有 https://wknet.se/ ... 请求重定向到 https://www.wknet.se/ ... 。

对于 https ，您需要在块中包含ssl证书密钥（或者，如果所有服务器都在使用，您可以在 http 块中设置ssl cert。语句同一套）。

添加配置

如果您要将 http://wknet.se/ ... 重定向到 http://www.wknet.se/ ... - 对ssl https请求的正常http请求 - 添加一个侦听端口80并重定向到端口443的其他服务器块：

server {
    listen 80;
    server_name *.wknet.se wknet.se;
    return 301 https://www.wknet.se$request_uri;
}

以上内容将重定向 http://wknet.se/ ... 以及任何子域名请求，例如 http://www.wknet.se/ ... 或 {{3 } <... em>等，以 http://static.wknet.se/ ... 。

2015-03-28修订说明

更新了使用安全SSL协议的示例代码。原始示例使用不推荐使用的SSLv3。我根据当前的做法将ssl_protocols和ssl_ciphers替换为更安全的设置。

NGINX http://example.com改为https://www.example.com，如何？

1 个答案: