我的服务器上运行了2个域,NGINX只是将它们代理到节点应用程序。我有一个证书,但另一个我只是使用cloudflare来提供HTTPS。我想确保当用户访问任一域时,他们总是被重定向到域的HTTPS版本,而没有www。这是我当前的配置,取消注释domain2配置文件的块似乎打破了两个站点:(
domain1配置文件:
upstream domain1.com {
server 127.0.0.1:8000;
keepalive 8;
}
server {
listen 0.0.0.0:80;
server_name domain1.com www.domain1.com;
return 301 https://domain1.com$request_uri;
}
server {
#listen 80;
listen 443 ssl http2;
server_name domain1.com;
access_log /var/log/nginx/domain1.com.log;
root /var/www/domain1.com/client/public;
include /etc/nginx/global/cloudflare-allow.conf;
ssl_certificate /etc/nginx/ssl/domain1.crt;
ssl_certificate_key /etc/nginx/ssl/domain1.key;
if ($bad_referer) {
return 444;
}
location / {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_pass http://domain1.com;
proxy_redirect off;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
}
server {
listen 443 ssl http2;
server_name www.domain1.com;
return 301 https://domain1.com$request_uri;
}
domain2配置文件:
upstream domain2.com {
server 127.0.0.1:9000;
keepalive 8;
}
#server {
# listen 80;
# server_name domain2.com www.domain2.com;
# return 301 https://$server_name$request_uri;
#}
server {
listen 80;
#listen 443 ssl http2;
server_name domain2.com;
access_log /var/log/nginx/domain2.com.log;
root /var/www/domain2.com;
include /etc/nginx/global/cloudflare-allow.conf;
if ($bad_referer) {
return 444;
}
location / {
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header Connection "";
proxy_pass http://domain2.com;
proxy_redirect off;
}
location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc|webp)$ {
expires 1M;
access_log off;
add_header Cache-Control "public";
}
# CSS and Javascript
location ~* \.(?:css|js)$ {
expires 1y;
access_log off;
add_header Cache-Control "public";
}
location ~* \.(?:rss|atom)$ {
expires 1h;
add_header Cache-Control "public";
}
location ~* \.(?:manifest|appcache|html?|xml|json)$ {
expires -1;
}
}
答案 0 :(得分:1)
当通过CloudFlare的灵活SSL模式完成SSL时,与源的通信是通过端口80的HTTP流量。
为了检测此流量是否为HTTPS,您无法使用HTTPS环境变量,则必须检查X-Forwarded-Proto标头是否设置为HTTPS。
您可以在Nginx中执行以下操作:
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
更简单的方法是简单地设置"Always use HTTPS" Page Rule in CloudFlare。