Gzip 与反向代理缓存

Question

spuder

Asked: 2013-10-22 19:53:38 +0800 CST2013-10-22 19:53:38 +0800 CST 2013-10-22 19:53:38 +0800 CST

如何将http请求重定向到https（nginx）

772

那里似乎有很多问题和指南，指导如何设置 nginx 以将 http 请求重定向到 https。许多已经过时，或者完全是错误的。

# MANAGED BY PUPPET

upstream gitlab {
  server unix:/home/git/gitlab/tmp/sockets/gitlab.socket;
}

# setup server with or without https depending on gitlab::gitlab_ssl variable
server {
  listen *:80;
  server_name gitlab.localdomain;
  server_tokens off;
  root /nowhere;
  rewrite ^ https://$server_name$request_uri permanent;
}
server {
  listen *:443 ssl default_server;
  server_name gitlab.localdomain;
  server_tokens off;
  root /home/git/gitlab/public;

  ssl                           on;
  ssl_certificate               /etc/ssl/certs/ssl-cert-snakeoil.pem;
  ssl_certificate_key           /etc/ssl/private/ssl-cert-snakeoil.key;
  ssl_protocols                 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers                   AES:HIGH:!ADH:!MDF;
  ssl_prefer_server_ciphers     on;

  # individual nginx logs for this gitlab vhost
  access_log  /var/log/nginx/gitlab_access.log;
  error_log   /var/log/nginx/gitlab_error.log;

  location / {
    # serve static files from defined root folder;.
    # @gitlab is a named location for the upstream fallback, see below
    try_files $uri $uri/index.html $uri.html @gitlab;
  }

  # if a file, which is not found in the root folder is requested,
  # then the proxy pass the request to the upsteam (gitlab puma)
  location @gitlab {
    proxy_read_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_connect_timeout 300; # https://github.com/gitlabhq/gitlabhq/issues/694
    proxy_redirect     off;

    proxy_set_header   X-Forwarded-Proto $scheme;
    proxy_set_header   X-Forwarded-Ssl   on;

    proxy_set_header   Host              $http_host;
    proxy_set_header   X-Real-IP         $remote_addr;

    proxy_pass http://gitlab;
  }
}

每次配置更改后我都重新启动，但访问时仍然只看到“欢迎使用 nginx”页面http://192.168.33.10。而https://192.168.33.10完美地工作。

为什么nginx仍然不会将http请求重定向到https？

我也尝试过以下配置

  listen *:80;
  server_name <%= @fqdn %>;
  #root /nowhere; 
  #rewrite ^ https://$server_name$request_uri? permanent; 
  #rewrite ^ https://$server_name$request_uri permanent;
  #return 301 https://$server_name$request_uri;
  #return 301 http://$server_name$request_uri;
  #return 301 http://192.168.33.10$request_uri;
  return 301 http://$host$request_uri;

日志

tailf /var/log/nginx/access.log
192.168.33.1 - - [22/Oct/2013:03:41:39 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0"
192.168.33.1 - - [22/Oct/2013:03:44:43 +0000] "GET / HTTP/1.1" 200 133 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:24.0) Gecko/20100101 Firefox/24.0"

tailf /var/log/nginx/gitlab_error.lob
2013/10/22 02:29:14 [crit] 27226#0: *1 connect() to unix:/home/git/gitlab/tmp/sockets/gitlab.socket failed (2: No such file or directory) while connecting to upstream, client: 192.168.33.1, server: gitlab.localdomain, request: "GET / HTTP/1.1", upstream: "http://unix:/home/git/gitlab/tmp/sockets/gitlab.socket:/", host: "192.168.33.10"

资源
https://www.nginx.com/resources/wiki/start/topics/tutorials/config_pitfalls/
如何使 nginx 重定向
 如何在 nginx 中强制或重定向到 SSL？
nginx ssl 重定向
 Nginx & Https 重定向
 https://www.tinywp.in/301-redirect-wordpress/
如何在 nginx 中强制或重定向到 SSL？

2 个回答

Voted

spuder · Answer 1 · 2013-10-23T15:07:58+08:00

Best Answer

spuder

2013-10-23T15:07:58+08:002013-10-23T15:07:58+08:00

我已经确定了问题所在。

我在 /etc/hosts 中有一个配置错误的条目

127.0.0.1 gitlab.localdomain gitlab

一旦我将其更改为以下内容，https 重定向就开始工作

192.168.33.10 gitlab.localdomain gitlab

所以总而言之，这是有效的语法。

server {
  listen 80;
  server_name gitlab.localdomain;
  server_tokens off;
  return 301 https://$host$request_uri;


}
server {
  listen 443 ssl default_server;
  server_name gitlab.localdomain;
  server_tokens off;
  root /home/git/gitlab/public;
  ssl                           on;
  ssl_certificate               /etc/ssl/certs/ssl-cert-snakeoil.pem;
  ssl_certificate_key           /etc/ssl/private/ssl-cert-snakeoil.key;
  ssl_protocols                 SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers                   AES:HIGH:!ADH:!MDF;
  ssl_prefer_server_ciphers     on;
…

注意
重定向仅在按名称调用 url 时有效，如果导航到 ip，则不会重定向。

7

that guy from over there · Answer 2 · 2013-10-23T01:56:32+08:00

that guy from over there

2013-10-23T01:56:32+08:002013-10-23T01:56:32+08:00

2件事离子如何确保http-to-https-redirects

在您的 HTTPS - 部分中，启用HSTS-Header _> 这将确保您的浏览器仅在 HTTPS 中发送未来的请求
```
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
```
在您的 http 部分：您可以return 301 https://$server_name$request_uri;（最快的方法）或重写（较慢）
```
server {
  listen 80;
  server_name _;
  server_tokens off;

  return 301 https://$host$request_uri;
```
}

4

如何将http请求重定向到https（nginx）

新安装后 postgres 的默认超级用户用户名/密码是什么？

SFTP 使用什么端口？

命令行列出 Windows Active Directory 组中的用户？

什么是 Pem 文件，它与其他 OpenSSL 生成的密钥文件格式有何不同？

如何确定bash变量是否为空？

如何将http请求重定向到https（nginx）

2 个回答

相关问题