http到nginx上的https重定向

时间:2017-03-03 13:44:29

标签: nginx amazon-ec2 amazon-elb

我在亚马逊ELB后面的EC2机器上运行了一个网站 我在ELB上配置了SSL,因此它为我处理http和https。 https上的所有请求都能正常运行。但我想强制(重定向)http请求到https。出于某种原因,它不起作用

我在nginx中添加了重定向规则,但每当我启用该规则时,nginx服务器都会停止响应。

server {
listen 80;
server_name domain1.com;
gzip on;
gzip_proxied any;
gzip_types text/plain text/xml text/css application/x-javascript;
gzip_vary on;

access_log /var/log/nginx/domain1.access.log;

location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass    http://127.0.0.1:4000/;
   ###  Redirect http to https ####
   if ($http_x_forwarded_proto != "https") {
    rewrite ^(.*)$ https://$server_name$1 permanent;
   }
   add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;";
}
}

以下是Load Balancer的配置: Amazon ELB Config

请在配置错误的地方帮助我。 TIA。

2 个答案:

答案 0 :(得分:0)

尝试以下方法:

server {
    listen 80;
    listen [::]:80;
    server_name domain1.com;
    return 301 https://$host$request_uri;
}

答案 1 :(得分:0)

我建议使用此代码。 Teste在我的VPS上,但不是亚马逊ELB 

server {
server_name example.com www.example.com;
        listen 80;
        return 301 https://example.com$request_uri;
}
server {
server_name example.com;
        root /home/user/www/example/;
        include global.conf;
        include php.conf;
        include ssl.conf;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

}
server{
server_name www.example.com;
        include ssl.conf;
        return 301 https://example.com$request_uri;
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem;
}

文件ssl.conf包含:

listen 443 ssl http2;
listen [::]:443 ssl http2;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AES$
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
相关问题
最新问题