nginx将某个站点从http重定向到https不起作用
我的docker堆栈有以下nginx配置nginx将某个站点从http重定向到https不起作用,nginx,Nginx,我的docker堆栈有以下nginx配置 worker_processes auto; events { worker_connections 65000; } http { proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; upstream api { server api:3000; } upstream ap
worker_processes auto;
events {
worker_connections 65000;
}
http {
proxy_buffer_size 128k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
upstream api {
server api:3000;
}
upstream app {
server app:8000;
}
server {
listen 443 ssl;
server_name api.atimu.com;
ssl_certificate /etc/letsencrypt/live/api.atimu.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/api.atimu.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
large_client_header_buffers 4 32k;
gzip on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://api;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
server_name app.atimu.com;
ssl_certificate /etc/letsencrypt/live/app.atimu.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.atimu.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
large_client_header_buffers 4 32k;
gzip on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://app;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 80;
server_name api.atimu.com;
return 301 https://api.atimu.com$request_uri;
}
server {
listen 80;
server_name app.atimu.com;
return 301 https://app.atimu.com$request_uri;
}
}
除重定向部分外,所有功能都正常工作应用程序在https上打开,但在HTTP上不打开(重定向到https)。
我只想要(不是API)http://app.atimu.com
重定向到https://app.atimu.com
。我做错了什么
更新:
您的nginx配置似乎不完整,请在nginx文件中添加下面的块,然后重新启动Web服务器
server {
if ($host = app.atimu.com) {
return 301 https://$host$request_uri;
}
listen 80;
server_name app.atimu.com;
return 404;
}
另外,我想知道您是否已使用以下命令颁发ssl证书,该命令会自动为您的域创建ssl块,从而将HTTP请求重定向到HTTPS:
sudo certbot --nginx -d app.atimu.com
以下步骤(按照@RichardSmith的建议)为我解决了这个问题
您似乎有重复的服务器名称错误。您是否使用
nginx-t
测试了配置?第一个和最后一个服务器
都在端口80上侦听相同的服务器名称
。我已经在第二个服务器上注释掉了端口80。我的想法是,一个配置将监听端口80上的应用程序,另一个配置将监听端口443。我试着跟着。你会怎么做?您能分享您的解决方案版本吗?您的问题似乎是您不想要http://api.atimu.com
重定向到https://app.atimu.com
?您希望Nginx做什么?重定向到https://api.atimu.com
还是断开连接?@RichardSmith我决定将API重定向到https。更改了nginx.conf并添加了结果。请检查。您可能需要重置浏览器的缓存。最后两个server
块可以通过使用return301 https://$host$request\u uri组合成一个代码>是的,SSL ins配置正确,我可以连接https,只是HTTP没有重定向到https。我将尝试你的代码并更新你。
server {
listen 80;
server_name api.atimu.com;
return 301 https://api.atimu.com$request_uri;
}
server {
listen 80;
server_name app.atimu.com;
return 301 https://app.atimu.com$request_uri;
}
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
# liten 80; Remove this line
listen 443 ssl;
server_name app.atimu.com;
ssl_certificate /etc/letsencrypt/live/app.atimu.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/app.atimu.com/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
large_client_header_buffers 4 32k;
gzip on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
proxy_pass http://app;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}