在Nginx上将http重写为https

时间:2014-11-13 12:59:15

标签: linux nginx

我尝试将http://localhost重写为https://localhost

我读了一些关于此问题的答案,当我在本地服务器上试用它时,它正在工作。 我用这些方法做到了:

server {
    listen 80;

    rewrite ^(.*) https://$server_name$request_uri permanent;
    [...]
}

但是,当我来自另一台带有ip的计算机时,xxx.xxx.xxx.xxx:8086它会将我重定向到https://localhost并且我不想这样做。

所以,我尝试这样:

server {
    listen 80;

    rewrite ^(.*) https://$server_name$request_uri permanent;
    [...]
}

另一个问题:它在https://xxx.xxx.xxx.xxx没有我的:8086重定向我!这不是我想要的......

任何人都有我的解决方案吗?

非常感谢!

马克西姆。

编辑:

我的配置:

server {


    listen 80;


    #rewrite ^(.*) https://$host:8086$request_uri permanent;

    root /var/www;
    rewrite ^ https://$server_name$request_uri permanent;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.html;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
        include fastcgi_params;
    }
}

server {


    listen 443 ssl;
    server_name localhost;

    ssl on;
    ssl_certificate      ./cert.crt;
    ssl_certificate_key  ./cert.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    root /var/www;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ /index.html;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /var/www/$fastcgi_script_name;
        include fastcgi_params;
    }
}

在我的rooter配置中,此服务器的端口重定向为8086。

1 个答案:

答案 0 :(得分:0)

您无法在同一端口上将http重定向到https。他们必须在不同的端口上监听,否则你只会得到一个重写循环。

例如:

server { 
    listen 80;
    server_name example.com;
    root /nowhere; # this doesn't have to be a valid path since we are redirecting, you don't have to change it.
    rewrite ^ https://$server_name$request_uri permanent;
}

server {
     listen 443 ssl;
     server_name example.com;
     root /some/valid/directory;

     ssl on;
}

编辑完整配置:

只是为了澄清你想要的:

        World
          |
          |
http://localhost:8086
          |
          |
https://localhost:8086
          |
          |
https://localhost:443

您需要使用proxy_pass。此外,nginx错误代码497可能会有所帮助:http://nginx.org/en/docs/http/ngx_http_ssl_module.html#errors

将以下服务器指令添加到您的配置中...... 

server { 
    listen 8086 ssl;
    ssl on;
    ssl_certificate      ./cert.crt;
    ssl_certificate_key  ./cert.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    error_page 497  https://$host:$server_port$request_uri;
    location / {
        proxy_pass https://localhost:443;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
    }
}
相关问题
最新问题