我想我可能已经咬过这个nginx配置我想要写的东西了。我是nginx configs的新手,我正在尝试编写一个非常复杂的配置(至少对我而言)。任何帮助都将非常感激。
- 将http $ http_x_forwarded_proto重定向为https(https切断ec2负载均衡器)
- 使用prerender.io的nginx中间件(seo用于可抓取的单页应用程序)
- 将任何查询参数(
_escaped_fragment_=)从http传递到https- 将所有子域请求重定向到https://example.com/c/ $ subdomain
- 允许http://example.com/healthcheck.txt通过http(负载均衡器运行状况检查)
server {
listen 80;
server_name example.com;
root /var/www/html/dist;
index index.html;
error_log /var/log/mysite/error.log;
access_log /var/log/mysite/access.log;
location /healthcheck.txt {
break;
}
location / {
try_files $uri @prerender;
if ($http_x_forwarded_proto != "https") {
set $urltest N;
}
if ($query_string) {
set $urltest "${urltest}Y";
}
if ($urltest = N) {
rewrite ^(.*)$ https://example.com$1 permanent;
}
if ($urltest = NY) {
rewrite ^(.*)$ https://example.com$1?$query_string permanent;
}
}
location @prerender {
proxy_set_header X-Prerender-Token MY_TOKEN;
set $prerender 0;
if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Validator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~ "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|ttf|woff)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /$scheme://$host$request_uri? break;
proxy_pass http://$prerender;
}
if ($prerender = 0) {
rewrite .* /index.html break;
}
}
}
server {
listen 80;
server_name ~^(?<sub>.+)\.example\.com$ ;
rewrite ^ https://example.com/c/$sub;
}
- 使用prerender.io的nginx中间件
这根本不起作用,但是没有https重定向
它确实有效
- 将任何查询参数(
_escaped_fragment_=)从http传递到https
它可以工作,但重复查询参数,如:?_escaped_fragment_=&_escaped_fragment_=
任何人都可以提供任何建议吗?
答案 0 :(得分:4)
我终于能够解决它了。我让SSL通过负载均衡器并自己到达服务器,我不能简单地将http重定向到https,而不必担心负载均衡器造成的复杂性。
这是我更新的配置:
server {
listen 80;
server_name ~^(?<sub>.+)\.example\.com$ ;
if ($sub = 'www') {
return 301 https://$host$request_uri;
}
if ($sub != '') {
rewrite ^ https://example.com/c/$sub;
}
if ($sub = '') {
return 301 https://$host$request_uri;
}
}
server {
listen 443;
server_name example.com;
ssl on;
ssl_certificate /etc/ssl/star_example_com.pem;
ssl_certificate_key /etc/ssl/star_example_com.key;
root /var/www/html/dist;
index index.html;
access_log /var/log/example/ssl.access.log;
error_log /var/log/example/ssl.error.log;
include /etc/nginx/content_redirects.conf;
location / {
try_files $uri @prerender;
}
location @prerender {
proxy_set_header X-Prerender-Token MY_KEY;
set $prerender 0;
if ($http_user_agent ~* "baiduspider|twitterbot|facebookexternalhit|rogerbot|linkedinbot|embedly|quora link preview|showyoubot|outbrain|pinterest|slackbot|vkShare|W3C_Valid
ator") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($uri ~ "\.(js|css|xml|less|png|jpg|jpeg|gif|pdf|doc|txt|ico|rss|zip|mp3|rar|exe|wmv|doc|avi|ppt|mpg|mpeg|tif|wav|mov|psd|ai|xls|mp4|m4a|swf|dat|dmg|iso|flv|m4v|torrent|
ttf|woff)") {
set $prerender 0;
}
#resolve using Google's DNS server to force DNS resolution and prevent caching of IPs
resolver 8.8.8.8;
if ($prerender = 1) {
#setting prerender as a variable forces DNS resolution since nginx caches IPs and doesnt play well with load balancing
set $prerender "service.prerender.io";
rewrite .* /https://$host$request_uri? break;
proxy_pass http://$prerender;
}
if ($prerender = 0) {
rewrite .* /index.html break;
}
}
}