Symfony生产网站不强制使用https(使用nginx)
在我的app/config/security.yml文件中,我有:Symfony生产网站不强制使用https(使用nginx),symfony,nginx,https,Symfony,Nginx,Https,在我的app/config/security.yml文件中,我有: access_control: - { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https } - { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https } 在使用symfony内置服务器的开发中,如果我转到localhost/login,它会将我
access_control:
- { path: ^/login, roles: IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
- { path: ^/admin, roles: ROLE_ADMIN, requires_channel: https }
在使用symfony内置服务器的开发中,如果我转到localhost/login,它会将我重定向到https://localhost/login.
但是,在我的生产站点中,转到example.com/login,我只看到登录页面。浏览器指示连接不安全
我的直觉认为这可能与nginx配置文件有关
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /var/www/symfony/web;
client_max_body_size 500M;
location / {
# try to serve file directly, fallback to app.php
index app.php;
try_files $uri @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS on;
}
error_log /var/log/nginx/adam_error.log;
access_log /var/log/nginx/adam_access.log;
}
我或多或少是从中抄袭的
还有几件事需要注意:如果symfony ie在内部将我重定向到登录页面,如果我尝试访问/admin受限路由,或者在不安全连接上登录失败,我确实会被路由到安全页面https://example.com/login url,但显然这还不够好,我不希望任何人进入example.com/login并且没有安全连接
有人能发现哪里出了问题吗?要在Nginx上强制使用HTTPS,您必须修改Nginx配置文件,如下所示:
server {
listen 80;
location /login {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
# let the browsers know that we only accept HTTPS
add_header Strict-Transport-Security max-age=2592000;
#Put the rest of your config here
}
来源:要在Nginx上强制使用HTTPS,您必须修改Nginx配置文件,如下所示:
server {
listen 80;
location /login {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
# let the browsers know that we only accept HTTPS
add_header Strict-Transport-Security max-age=2592000;
#Put the rest of your config here
}
资料来源:好吧,我想出来了。在我的nginx配置中:
fastcgi_param HTTPS on;
是什么导致了这个问题。事实证明,当它设置为on时,如果初始端口为80,它不会强制重定向到https。我猜symfony认为此配置下的端口80是https,当它设置为off时,它会导致无限重定向。nginx将url重定向到端口80,symfony将url重定向到端口443
因此,解决方案是,如果是端口80,则将其关闭,如果是端口443,则将其打开ssl端口
这就是我的nginx.conf现在的样子:
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /path/to/symfony_directory/web;
#if your version of nginx is < 1.11.11, uncomment these next two lines
#as $https will not be defined.
#if ($server_port = 443) { set $https on; }
#if ($server_port = 80) { set $https off; }
location / {
# try to serve file directly, fallback to app.php
# try_files $uri /app.php$is_args$args;
index app.php;
try_files $uri @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#NOTE THAT "$https" is defined by nginx to be
# "on" if port 443 and off for port 80 (for version > 1.1.11)
fastcgi_param HTTPS $https;
}
}
好吧,我知道了。在我的nginx配置中:
fastcgi_param HTTPS on;
是什么导致了这个问题。事实证明,当它设置为on时,如果初始端口为80,它不会强制重定向到https。我猜symfony认为此配置下的端口80是https,当它设置为off时,它会导致无限重定向。nginx将url重定向到端口80,symfony将url重定向到端口443
因此,解决方案是,如果是端口80,则将其关闭,如果是端口443,则将其打开ssl端口
这就是我的nginx.conf现在的样子:
server {
listen 80;
listen 443 ssl;
server_name example.com;
root /path/to/symfony_directory/web;
#if your version of nginx is < 1.11.11, uncomment these next two lines
#as $https will not be defined.
#if ($server_port = 443) { set $https on; }
#if ($server_port = 80) { set $https off; }
location / {
# try to serve file directly, fallback to app.php
# try_files $uri /app.php$is_args$args;
index app.php;
try_files $uri @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/app\.php(/|$) {
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#NOTE THAT "$https" is defined by nginx to be
# "on" if port 443 and off for port 80 (for version > 1.1.11)
fastcgi_param HTTPS $https;
}
}
谢谢,但我不希望整个站点强制使用https连接,我希望https在symfony指定的特定路由/登录下强制使用。谢谢,但我不希望整个站点强制使用https连接,我希望https在symfony指定的特定路由/登录下强制使用。