从非www域重定向到www时,Laravel Forge,Nginx和SSL上的域重定向循环

时间:2016-09-01 14:26:07

标签: laravel nginx laravel-forge

我在Laravel Forge上使用Let's Encrypt进行了HTTPS设置,并使用Laravel中间件将非安全域重定向到安全域:

if ( env('APP_ENV') === 'production' ) {
    $request->setTrustedProxies([$request->getClientIp()]);

    if ( !$request->secure() ) {
        return redirect()->secure($request->getRequestUri());
    }
}

return $next($request);

这是我的example.com(非实际域名)Nginx配置:

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/before/*;

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;
    root /home/forge/example.com/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/example.com/120143/server.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com/120143/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers '[...]';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/example.com/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/after/*;

这是我的www.example.com配置:

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/www.example.com/before/*;

server {
    listen 80;
    server_name www.example.com;
    return 301 $scheme://example.com$request_uri;
}

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/www.example.com/after/*;

一切正常,HTTP重定向到HTTPS,www重定向到非www,但我想做相反的事情并将非www重定向到www。我添加了

return 301 $scheme://www.example.com$request_uri;

example.com并在www.example.com配置中对其进行了评论以删除循环,但它不起作用:

www.example.com redirected you too many times.

我还尝试将非www配置的内容复制到www配置,并在那里收听443,但它仍然无限重定向。我究竟做错了什么?谢谢你的时间。

3 个答案:

答案 0 :(得分:0)

我建议采用以下方法:

www.example.com 应该看起来像

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/www.example.com/before/*;

server {
    listen 80;
    server_name www.example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name www.example.com;
    root /home/forge/example.com/public;

    # FORGE SSL (DO NOT REMOVE!)
    ssl_certificate /etc/nginx/ssl/example.com/120143/server.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com/120143/server.key;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers '[...]';
    ssl_prefer_server_ciphers on;
    ssl_dhparam /etc/nginx/dhparams.pem;

    index index.html index.htm index.php;

    charset utf-8;

    # FORGE CONFIG (DOT NOT REMOVE!)
    include forge-conf/example.com/server/*;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/example.com-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}
# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/www.example.com/after/*;

example.com 应该看起来像

# FORGE CONFIG (DOT NOT REMOVE!)
include forge-conf/example.com/before/*;

server {
    listen 80;
    server_name example.com;
    return 301 $scheme://www.example.com$request_uri;
}

include forge-conf/example.com/after/*;

答案 1 :(得分:0)

只需切换配置,通过交换机将www添加到这些配置文件中的非www。此外,由于您使用的是Lets Encrypt for SSL,因此您可能需要切换ssl_certificatessl_certificate_key的配置以指向正确的文件,

ssl_certificate /etc/nginx/ssl/www.example.com/120143/server.crt;
ssl_certificate_key /etc/nginx/ssl/www.example.com/120143/server.key;

只需重新启动计算机即可刷新网络缓存。

答案 2 :(得分:0)

  

一切正常,HTTP重定向到HTTPS,www重定向到非www,但我想做相反的事情并将非www重定向到www。

根据Force WWW behind an AWS EC2 Load Balancer,会发生这种情况,因为默认rejectedPlan,您从未提及但必须仍然包含该内容,但仍必须包含forge-conf/example.com/before/redirect.conf定义serverserver_name www.example.com因此,当您尝试在自己的配置中执行相反的return 301 $scheme://example.com$request_uri;时,以及必须保留的默认配置,您将创建一个完整的重定向循环。