正如标题所述,我想做的是保持我的配置完整,只需添加一个/ location / location需要从$ scheme重定向中跳过。 简而言之,设置是 将所有内容重定向到上游 添加www 添加https(使用letsencrypt ssl) 需要跳过https部分以获取特定位置。可以说如果我输入:www.example.com/location我需要输入http proto。
谢谢您的帮助!
配置文件:
<code>upstream example.com {
server 1.2.3.4:80;
}
server {
listen 80;
server_name example.com;
return 302 https://www.$host$request_uri;
location / {
proxy_pass http://example.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server{
listen 443 ssl; # managed by Certbot
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com-0001/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
return 302 https://www.$host$request_uri;
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
resolver 1.1.1.1 8.8.8.8;
resolver_timeout 5s;
add_header Strict-Transport-Security max-age=15768000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
server_tokens off;
location / {
proxy_pass http://example.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name www.example.com;
return 302 https://$host$request_uri;
location / {
proxy_pass http://example.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server{
listen 443 ssl; # managed by Certbot
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/nginx/ssl/dhparam.pem;
ssl_stapling on;
ssl_stapling_verify on;
resolver1.1.1.1 8.8.8.8;
resolver_timeout 5s;
add_header Strict-Transport-Security max-age=15768000;
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
add_header X-Frame-Options SAMEORIGIN;
add_header X-XSS-Protection "1; mode=block";
server_tokens off;
location / {
proxy_pass http://example.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
答案 0 :(得分:0)
所以我一直在寻找解决方案,所以我进行了几次测试,幸运的是找到了一个。 我将其发布在这里...。也许有人遇到相同的问题!
答案是这样的
server {
listen 80;
server_name www.example.com;
# return 302 https://$host$request_uri;
location /location {
proxy_pass http://example.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location / {
return 302 https://$host$request_uri;
proxy_pass http://example.com;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
所以解释一下。...
仅用于服务器www.example.com(不适用于上述配置的其余部分), 我注释掉了302重定向。 到目前为止,conf表示端口80。 AM!位置 /位置 对于/ location代理,一切都返回上游。 BAM2位置 / 对于其他所有内容,请执行302重定向到https,然后代理到上游。
问题解决了。