主页 / server / 问题 / 1092523
Accepted
Andrew Swift
Asked: 2022-02-04 00:52:37 +0800 CST

NginX 网站返回带有 HTTP 的默认页面(HTTPS 正常工作)

  • 772

必须是重复的,但是我已经搜索了很长时间,但没有找到任何东西。

当我使用http输入我的网站地址时,我得到NginX 默认页面(https 可以正常工作):

http://svija.love

NginX 配置文件最后包含:

server {
    if ($host = svija.love) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name svija.love;
    listen 80;
    return 404; # managed by Certbot
}

这是由 Certbot 自动添加的

我希望语句if ($host = svija.love)会捕获 http 请求并重定向到 HTTPS。

但它不是那样工作的。

不是专家,在我看来,从server_name svija.love开始的第二部分与第一部分直接矛盾:

  • 如果主机是 svija.love,则第一个块重定向
  • 如果主机是 svija.love,则第二个块返回 404

实际配置的服务器名称是live.svija.love,如果有区别的话。

任何澄清将不胜感激。

[更新]我删除了 NginX 默认配置文件,HTTP 现在按预期重定向到 HTTPS。

不过,如果有人能解释上面的两个配置块,我很想更好地理解他们在做什么。

[更新]这不是一个好的解决方案(见下文)。

[更新这是nginx -T给出的配置:

# configuration file /etc/nginx/nginx.conf:
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
    worker_connections 768;
    # multi_accept on;
}

http {

    ##
    # Basic Settings
    ##

    sendfile off;
    tcp_nopush on;
    tcp_nodelay on;
    keepalive_timeout 65;
    types_hash_max_size 2048;
    # server_tokens off;

    # server_names_hash_bucket_size 64;
    # server_name_in_redirect off;

    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    ##
    # SSL Settings
    ##

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
    ssl_prefer_server_ciphers on;

    ##
    # Logging Settings
    ##

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    ##
    # Gzip Settings
    ##

    gzip on;

    # gzip_vary on;
    # gzip_proxied any;
    # gzip_comp_level 6;
    # gzip_buffers 16 8k;
    # gzip_http_version 1.1;
    # gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;

    ##
    # Virtual Host Configs
    ##

    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

# configuration file /etc/nginx/modules-enabled/50-mod-http-image-filter.conf:
load_module modules/ngx_http_image_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-http-xslt-filter.conf:
load_module modules/ngx_http_xslt_filter_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-mail.conf:
load_module modules/ngx_mail_module.so;

# configuration file /etc/nginx/modules-enabled/50-mod-stream.conf:
load_module modules/ngx_stream_module.so;

# configuration file /etc/nginx/mime.types:

server {

    # must match domain name or IP address
    # or else the default Nginx page will be shown
    server_name antretoise.svija.site;

    # directory of site's static elements
    location /static/ {
        root /home/antretoise;
    }

    access_log /opt/logs/access.antretoise;
    error_log /opt/logs/error.antretoise error;

    # pass all additional queries to our application
    location / {

        # parameters from /etc/nginx/uwsgi_params
        include uwsgi_params;

        # pass the traffic to the socket
        # that the uWSGI server sets up
        # SOCKETS MUST MATCH IN:
        # /etc/uwsgi/sites/antretoise.ini
        uwsgi_pass unix:/run/uwsgi/antretoise.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/antretoise.svija.site/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/antretoise.svija.site/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = antretoise.svija.site) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    server_name antretoise.svija.site;
    return 404; # managed by Certbot


}
# configuration file /etc/nginx/uwsgi_params:

uwsgi_param  QUERY_STRING       $query_string;
uwsgi_param  REQUEST_METHOD     $request_method;
uwsgi_param  CONTENT_TYPE       $content_type;
uwsgi_param  CONTENT_LENGTH     $content_length;

uwsgi_param  REQUEST_URI        $request_uri;
uwsgi_param  PATH_INFO          $document_uri;
uwsgi_param  DOCUMENT_ROOT      $document_root;
uwsgi_param  SERVER_PROTOCOL    $server_protocol;
uwsgi_param  REQUEST_SCHEME     $scheme;
uwsgi_param  HTTPS              $https if_not_empty;

uwsgi_param  REMOTE_ADDR        $remote_addr;
uwsgi_param  REMOTE_PORT        $remote_port;
uwsgi_param  SERVER_PORT        $server_port;
uwsgi_param  SERVER_NAME        $server_name;

ssl_session_cache shared:le_nginx_SSL:10m;
ssl_session_timeout 1440m;
ssl_session_tickets off;

ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers off;

ssl_ciphers "EC-AES128-SHA";

#———————————————————————————————————————— default

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    # Add index.php to the list if you are using PHP
    index index.html index.htm index.nginx-debian.html;

    server_name _;

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }

}

#———————————————————————————————————————— svija.love

server {

    server_name svija.love;

    # directory of site's static elements
    location /static/ {
        root /home/svijalove;
    }

    access_log /opt/logs/access.svijalove;
    error_log /opt/logs/error.svijalove error;

    # pass all additional queries to our application
    location / {

        # parameters from /etc/nginx/uwsgi_params
        include uwsgi_params;

        # pass the traffic to the socket
        # that the uWSGI server sets up
        # SOCKETS MUST MATCH IN:
        # /etc/uwsgi/sites/svijalove.ini
        uwsgi_pass unix:/run/uwsgi/svijalove.sock;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/svija.love/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/svija.love/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = svija.love) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    server_name svija.love;
    listen 80;
    return 404; # managed by Certbot
}

# 6 other sites at end, all configured the same way
# except that in the last two lines,
# listen 80; is sometimes listed BEFORE return 404;
ubuntu nginx https certbot lets-encrypt

2 个回答

  1. 如果请求中的标头没有匹配的虚拟主机Host,则 nginx 将提供默认的虚拟主机内容。

    在您的情况下,您的虚拟主机将Host字段与svija.love. 但是,您似乎正在使用live.svija.love.

    由于 nginx 找不到匹配的虚拟主机,它使用它的默认主机。

    删除默认虚拟主机配置后,nginx 使用您的虚拟主机作为默认虚拟主机。这不是一个好习惯。任何人都可以为指向您网站的域设置 DNS 记录。最终结果将http://example.com显示http://live.svija.love.

    这可能会导致谷歌对重复内容进行处罚。

    为防止这种情况,您应该恢复默认虚拟主机,并调整您当前的配置以确保server_name.

    • 2
  2. Best Answer

    我在没有真正理解的情况下解决了这个问题。

    我的服务器上有 7 个网站,其中 6 个网站正常运行(http 按预期重定向到 https。)

    所有七个站点都在其 NginX 配置文件的末尾包含一个类似于以下内容的块:

    server {

# redirects traffic from http to https for each relevant domain

    if ($host = svija.love) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

# ensures that any caught requests are not inadvertently redirected

    listen 80;
    server_name svija.love;
    return 404; # managed by Certbot
}

    实际的服务器主机是live.svija.love,但有问题的网站只是svija.love(没有为 live.svija.love 配置网站)。

    很明显,该问题是由未正确评估以下行引起的:

    if ($host = svija.love) {

    顺便说一句,服务器 (live.svija.love) 没有 IPv6 配置,网站 (svija.love) 有 IPv6 配置,这不应该存在。

    我为服务器添加了 IPv6 记录,并为网站删除了它。
    这并没有影响问题。

    然后我想也许$host变量设置为live.svija.love(谁知道为什么),所以我尝试了一个我改变的测试

    if ($host = svija.love) {


    if ($host = live.svija.love) {

    正如预期的那样,NginX 默认页面被 404 错误替换(参见上面的配置块)。

    所以,我放回去

    if ($host = live.svija.love) {

    现在一切正常。对 svija.love 的 HTTP 请求被重定向到https://svija.love,我的问题就解决了。

    我假设 NginX 中有某种 DNS 缓存机制失败了,可能是因为我在过去的某个时候更改了服务器的名称。

    • 0

相关问题