Force a subdomain in Firefox to redirect to https on a specific subdomain

Time: 2016-06-05 14:46:59

Tags: google-chrome firefox nginx

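I have 2 servers using nginx. Everything works on my main server, as in the scheme below:

But on my second server, where I use owncloud, there is a small misbehaviour when using the Firefox browser:

I don't know why it redirects to the www subdomain.

The server configuration is: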

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;

    root        /var/www/www;
    index       index.php index.html index.htm;
    server_name www.MYSERVER.eu;

    if ($host ~* 'oc\.[^.]+\.[^.]+$')  {
        set $host_without_www $1.$2;
        rewrite ^(.*) $scheme://oc.$host_without_www$1 permanent;
    } 

    ssl_certificate /etc/ssl/certs/pem.crt;
    ssl_certificate_key /etc/ssl/private/private.key;

    location / { 
        if (!-e $request_filename)
        {
            rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 last;
            rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
            rewrite ^ /index.php last;
        }
    }

    location ~ \.php$ {
        try_files $uri/ $uri /index.php?$query_string;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME   $document_root$fastcgi_script_name;
        include        fastcgi_params;
    }

    location /doc {
        root /usr/share;
        autoindex on;
        allow 127.0.0.1;
        deny all;
    }
    location /images {
        expires 168h; 
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }       

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/www;
    }
}

server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    ssl    on;

    root        /var/www/owncloud;
    index       index.php index.html index.htm;
    server_name oc.MYSERVER.eu;

    add_header Strict-Transport-Security "max-age=31536000";

    ssl_certificate /etc/ssl/certs/pem.crt;
    ssl_certificate_key /etc/ssl/private/private.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    client_max_body_size 10G; # set max upload size
    fastcgi_buffers 64 4K;

    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;

    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location = /(favicon.ico|robots.txt) {
        access_log off;
        log_not_found off;
    } 

    location ~ /\.ht {
        deny all;
    } 

    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }

    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;

        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;

        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;

        try_files $uri $uri/ index.php;
    }

    location ~ ^(.+?\.php)(/.*)?$ {
        try_files $1 =404;

        include fastcgi_params;
        fastcgi_param   SCRIPT_FILENAME   $document_root$fastcgi_script_name;
        fastcgi_param   htaccessWorking true;
        fastcgi_param   PATH_INFO $2;
        fastcgi_param   HTTPS on;
        fastcgi_pass    127.0.0.1:9000;
    }

    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    } 
}

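Is this a bug or a feature of Firefox? I mean, this does not happen in Chrome. But in Firefox, it redirects to the wrong server. I have absolutely no idea why it does this.

Extra: I would also like to know whether I can do this:

(I want to force SSL on the oc subdomain):

1 answer:

Answer 0: (score: 0)

So this fixed it for me. I had to wait a day until the DNS/router had the latest information. So don't expect changes to take effect immediately. Now, a day later, it works in Firefox, Chrome and IE.

So the basic idea of this approach is to create a sub-server that listens on port 80. When http is requested, it redirects to https. As I said, testing is really hard, because the browser affects the configuration, and you always need to wait a few minutes or even days to check the current state.

But in the end it works. So this is what you need to edit: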

server {
    ...
    server_name www.MYSERVER.eu;
    ...
}

server {
    listen 80;
    server_name oc.MYSERVER.eu;
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }   
}

server {
    listen 443 default_server ssl;
    ssl    on;

    root        /var/www/owncloud;
    index       index.php index.html index.htm;
    server_name oc.MYSERVER.eu;
    ...
}
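
An added example, not part of the original answer: browsers cache 301 redirects and HSTS state, so a check that sends one request without following redirects shows what nginx returns right now. The function names and the `oc.example.test` / `www.example.test` hostnames used with it are assumptions made for illustration.

```python
import http.client
import sys
from urllib.parse import urlsplit


def audit_redirect(host, status, headers):
    """Problems with the plain-HTTP response served for `host` (empty list = ok)."""
    h = {k.lower(): v for k, v in headers.items()}
    if status not in (301, 308):
        return [f"expected a permanent redirect, got {status}"]
    problems = []
    target = urlsplit(h.get("location", ""))
    if target.scheme != "https":
        problems.append(f"redirect target is not https: {h.get('location')!r}")
    if (target.hostname or "").lower() != host.lower():
        problems.append(f"redirect leaves {host} for {target.hostname}")
    return problems


def audit_hsts(headers, min_age=31536000):
    """Problems with the Strict-Transport-Security header of an HTTPS response."""
    h = {k.lower(): v for k, v in headers.items()}
    value = h.get("strict-transport-security")
    if value is None:
        return ["no Strict-Transport-Security header"]
    for part in value.split(";"):
        name, _, val = part.strip().partition("=")
        if name.lower() == "max-age":
            val = val.strip('"')
            if val.isdigit() and int(val) >= min_age:
                return []
            return [f"max-age too small or malformed: {val!r}"]
    return ["Strict-Transport-Security has no max-age"]


def fetch(host, tls, path="/"):
    """Send one GET; redirects are not followed and no browser cache is involved."""
    cls = http.client.HTTPSConnection if tls else http.client.HTTPConnection
    conn = cls(host, timeout=10)
    try:
        conn.request("GET", path)
        resp = conn.getresponse()
        return resp.status, dict(resp.getheaders())
    finally:
        conn.close()


if __name__ == "__main__":
    host = sys.argv[1]  # the subdomain to check, given on the command line
    issues = audit_redirect(host, *fetch(host, tls=False))
    issues += audit_hsts(fetch(host, tls=True)[1])
    print("\n".join(issues) or "ok")
```
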