我希望流量转到https://example.com。 不允许使用www前缀,需要SSL 。
我们遇到的问题是,许多(尽管不是全部)首次访问者在点击刷新之前未被重定向到HTTPS。
您是否在我的配置中看到任何允许此行为的内容?
Student_id答案 0 :(得分:2)
正如@PeeHaa所提到的,您错过了从http到https for www.example.com的重定向。试试这个,我重新安排了服务器块,以便向www服务器添加一个HSTS头,并解决潜在的安全性错误配置,http://www被直接重定向到https://(notwww)(# HTTP server (non-www) -- redirect to https://example.com
server {
listen 80;
server_name example.com;
return 301 https://example.com$request_uri;
}
# HTTP server (www) -- redirect to https://www.example.com
server {
listen 80;
server_name www.example.com;
return 301 https://www.example.com$request_uri;
}
# HTTPS server (www) -- redirect to https://example.com -- Add HSTS header
server {
listen 443 ssl;
server_name www.example.com;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
return 301 https://example.com$request_uri;
}
# HTTPS server (non-www)
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /var/www/html/mm;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $http_host;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
client_max_body_size 200m;
location / {
try_files $uri $uri/ /index.php?$query_string;
index index.php index.html index.htm install.php;
client_max_body_size 200m;
}
location ~ \.php$ {
try_files $uri /index.php =404;
#fastcgi_pass unix:/var/run/php-fpm/www.sock;
fastcgi_pass php-fpm;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_param PHP_VALUE "upload_max_filesize = 150M \n upload_max_filesize=151M";
fastcgi_param PHP_VALUE "post_max_size = 150M \n post_max_size=151M";
include fastcgi_params;
}
):
all: initial