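I have 2 servers using nginx. Everything works for my main server, as in the scheme below:
But on my second server, where I use ownCloud, there is a small misbehaviour when using the Firefox browser:
I don't know why it redirects to the www subdomain.
The server configuration is: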
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    root /var/www/www;
    index index.php index.html index.htm;
    server_name www.MYSERVER.eu;
    if ($host ~* 'oc\.[^.]+\.[^.]+$') {
        set $host_without_www $1.$2;
        rewrite ^(.*) $scheme://oc.$host_without_www$1 permanent;
    }
    ssl_certificate /etc/ssl/certs/pem.crt;
    ssl_certificate_key /etc/ssl/private/private.key;
    location / {
        if (!-e $request_filename)
        {
            rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 last;
            rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
            rewrite ^ /index.php last;
        }
    }
    location ~ \.php$ {
        try_files $uri/ $uri /index.php?$query_string;
        fastcgi_pass 127.0.0.1:9000;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    location /doc {
        root /usr/share;
        autoindex on;
        allow 127.0.0.1;
        deny all;
    }
    location /images {
        expires 168h;
        add_header Pragma public;
        add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    }
    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /var/www/www;
    }
}
server {
    listen 80;
    listen [::]:80;
    listen 443 ssl;
    ssl on;
    root /var/www/owncloud;
    index index.php index.html index.htm;
    server_name oc.MYSERVER.eu;
    add_header Strict-Transport-Security "max-age=31536000";
    ssl_certificate /etc/ssl/certs/pem.crt;
    ssl_certificate_key /etc/ssl/private/private.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    client_max_body_size 10G; # set max upload size
    fastcgi_buffers 64 4K;
    rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
    rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
    rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
    index index.php;
    error_page 403 /core/templates/403.php;
    error_page 404 /core/templates/404.php;
    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }
    location = /(favicon.ico|robots.txt) {
        access_log off;
        log_not_found off;
    }
    location ~ /\.ht {
        deny all;
    }
    location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
        deny all;
    }
    location / {
        # The following 2 rules are only needed with webfinger
        rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
        rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
        rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
        rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
        rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
        try_files $uri $uri/ index.php;
    }
    location ~ ^(.+?\.php)(/.*)?$ {
        try_files $1 = 404;
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param htaccessWorking true;
        fastcgi_param PATH_INFO $2;
        fastcgi_param HTTPS on;
        fastcgi_pass 127.0.0.1:9000;
    }
    # Optional: set long EXPIRES header on static assets
    location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
        expires 30d;
        # Optional: Don't log access to assets
        access_log off;
    }
}
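Is this a bug or a feature of Firefox? I mean, this does not happen in Chrome. But in Firefox, it redirects to the wrong server. I have absolutely no idea why it does this.
Extra: I would also like to know whether I can do this:
(I want to force SSL on the oc subdomain):
Answer 0: (score: 0)
So this fixed it for me. I had to wait a day until the DNS/router had the latest information. So don't expect changes to take effect immediately. Now, a day later, it works in Firefox, Chrome and IE.
So the basic idea of this approach is to create a sub-server that listens on port 80. When http is requested, it redirects to https. As I said, testing is really hard, because the browser affects the configuration, and you always need to wait a few minutes or even days to check the current state.
But in the end it works. So this is what you need to edit: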
server {
    ...
    server_name www.MYSERVER.eu;
    ...
}
server {
    listen 80;
    server_name oc.MYSERVER.eu;
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }
}
server {
    listen 443 default_server ssl;
    ssl on;
    root /var/www/owncloud;
    index index.php index.html index.htm;
    server_name oc.MYSERVER.eu;
    ...
}
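
The split described in the answer above (a port-80 block that only redirects, and an HTTPS-only ownCloud block), written out as an added example that is not part of the original post. MYSERVER.eu and the file paths are the page's placeholders; the TLS protocol list, the `always` flag and the IPv6 listeners are choices made for this example.

```nginx
# Added example, not from the original question or answer.

# Plain HTTP: this block only redirects, so no "if ($scheme = http)" test
# is needed; everything arriving here is already http.
server {
    listen 80;
    listen [::]:80;
    server_name oc.MYSERVER.eu;

    # Browsers may cache a 301 for a long time. While testing, a 302 here
    # avoids stale redirects; switch back to 301 once the result is confirmed.
    return 301 https://$server_name$request_uri;
}

# HTTPS: the only place ownCloud content is served.
server {
    # "ssl" on the listen line replaces the deprecated "ssl on;" directive.
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name oc.MYSERVER.eu;

    root /var/www/owncloud;
    index index.php;

    ssl_certificate     /etc/ssl/certs/pem.crt;
    ssl_certificate_key /etc/ssl/private/private.key;

    # The question's config also enabled TLSv1 and TLSv1.1, which are
    # deprecated (RFC 8996). TLSv1.3 needs nginx 1.13.0+ with OpenSSL 1.1.1+.
    ssl_protocols TLSv1.2 TLSv1.3;

    # Browsers honour HSTS only when it arrives over HTTPS, so the header
    # belongs in this block and not in one that also listens on port 80.
    # "always" adds it to error responses as well.
    add_header Strict-Transport-Security "max-age=31536000" always;

    # ... ownCloud location blocks from the question go here ...
}
```

After `nginx -t` and a reload, test from a fresh private window or with `curl -I http://oc.MYSERVER.eu/`, so that a previously cached 301 or HSTS entry does not hide the server's current behaviour.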