I am running a web server on Sinatra behind an Nginx reverse proxy. All HTTP requests are required to be redirected to HTTPS, so this is my current configuration:
map $http_upgrade $connection_upgrade {
    default Upgrade;
    '' close;
}

## Listen on port 80 for HTTP requests, redirect to https
server {
    listen 80 default;
    listen [::]:80 default;
    return 308 https://$host$request_uri;
}

## Use HTTPS when requests are made
server {
    listen 443 ssl;

    # don't allow old ssl protocols
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # ensure that our ciphers are preferred, and give a list of preferred ciphers
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    # enable session tickets
    ssl_session_tickets on;

    # TLS session cache 4 hours, 40 MB
    ssl_session_cache shared:SSL:40m;
    ssl_session_timeout 4h;

    ssl_certificate /data/projects/cloudpeel-next/cloudpeel.crt;
    ssl_certificate_key /data/projects/cloudpeel-next/cloudpeel.key;

    location / {
        proxy_pass http://localhost:4567;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
    }
}
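This works for the most part, except when the client makes a POST request. Ideally, the 308 (or 307) redirect should preserve the POST data and make the client repeat the request against the other address (in this case, the HTTPS version of the site).
However, what happens in Chrome is that the request is processed (as far as I can tell, it behaves more like a 301 redirect) and the request is interpreted as a GET, for which my backend has different behavior, and the user is redirected to the wrong page.
I tried using return 301 and 307, but neither produced the desired result.
Strangely, when testing in Edge and Firefox, the application works as expected.
The Network tab in the developer tools shows the following: a 303 code for the POST attempt and a 308 GET, which is not the desired behavior. In Firefox, only code 200 is shown. Is there something I can do in my Nginx configuration?
Edit: I tried changing the redirect in Nginx to 301, and Firefox still works as expected while Chrome is still broken.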
Answer 0 (score: 0)
Okay, I found my problem. I edited the location / {} block, and this finally made it work for me. Hope it helps someone!
map $http_upgrade $connection_upgrade {
    default Upgrade;
    '' close;
}

## Listen on port 80 for HTTP requests, redirect to https
server {
    listen 80 default_server;
    server_name localhost;
    return 301 https://$host$request_uri;
}

## Use HTTPS when requests are made
server {
    listen 443 ssl;

    # don't allow old ssl protocols
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

    # ensure that our ciphers are preferred, and give a list of preferred ciphers
    ssl_prefer_server_ciphers on;
    ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;

    # enable session tickets
    ssl_session_tickets on;

    # TLS session cache 4 hours, 40 MB
    ssl_session_cache shared:SSL:40m;
    ssl_session_timeout 4h;

    ssl_certificate /etc/ssl/certs/cloudpeel.crt;
    ssl_certificate_key /etc/ssl/certs/cloudpeel.key;

    location / {
        #HTTPS Config
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-SSL on;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://localhost:4567;

        #WebSocket config
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        #proxy_set_header X-Real-IP $remote_addr;
    }
}
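
Added example (not part of the original answer, and not Sinatra's or Rack's own code): a simplified Ruby model of how a Rack-based backend such as Sinatra picks the scheme for an absolute redirect URL, which is why the X-Forwarded-Proto and X-Forwarded-SSL headers in the location block change the Location the browser receives after a POST. The host app.example.test, the ALLOWED_HOSTS list and both helper functions are assumptions made for illustration; the host check is there because Host $http_host forwards the client-supplied value.

```ruby
# Added example: simplified model of scheme selection for absolute redirects
# in a Rack-style backend behind a TLS-terminating proxy.
# Not Rack's or Sinatra's actual source; names and hosts are hypothetical.

# Hosts the application agrees to name in a redirect (constructed value).
ALLOWED_HOSTS = ['app.example.test'].freeze

# Decide which scheme the client used, from the headers the proxy forwarded.
# env uses the CGI-style keys a Rack application receives.
def effective_scheme(env)
  return 'https' if env['HTTP_X_FORWARDED_SSL'] == 'on'

  # The header may hold a comma-separated chain; the first entry is the client hop.
  proto = env['HTTP_X_FORWARDED_PROTO'].to_s.split(',').first.to_s.strip
  return proto if %w[http https].include?(proto)

  # Fallback: the scheme of the proxy-to-backend hop (plain HTTP on port 4567).
  env.fetch('rack.url_scheme', 'http')
end

# Build the absolute Location sent back after handling a POST.
def redirect_location(env, path)
  host = env['HTTP_HOST'].to_s
  # Host arrives from the client unchanged, so never echo an unknown value.
  raise ArgumentError, "unexpected Host: #{host.inspect}" unless ALLOWED_HOSTS.include?(host)

  "#{effective_scheme(env)}://#{host}#{path}"
end

# Constructed request as the backend sees it with the question's proxy config:
# no forwarded scheme, so the redirect points back at http:// and the port 80
# server block redirects that follow-up GET a second time.
BEFORE = { 'rack.url_scheme' => 'http', 'HTTP_HOST' => 'app.example.test' }.freeze

# The same request with the headers from the answer's location block.
AFTER = BEFORE.merge(
  'HTTP_X_FORWARDED_PROTO' => 'https',
  'HTTP_X_FORWARDED_SSL' => 'on'
).freeze

puts redirect_location(BEFORE, '/done')
puts redirect_location(AFTER, '/done')
```

The forwarded headers can be relied on here only because Nginx sets them to fixed values and the backend is reached through localhost; a backend that clients can reach directly should not trust them.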