301 重定向后更改协议的问题 (Nginx/BitrixVM/CentOS6.5)
Issue with change protocol after 301 redirect (Nginx/BitrixVM/CentOS6.5)
我正在使用以下设置:
s1.conf
# Default website
server {
listen 80;
server_name test.com www.test.com;
return 301 https://test.com$request_uri; # enforce https
server_name_in_redirect off;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:80;
proxy_set_header< X-Forwarded-Host $http_host
set $proxyserver "http://127.0.0.1:8888";
set $docroot "/home/bitrix/www";
index index.php;
root /home/bitrix/www;
# Redirect to ssl if need
if (-f /home/bitrix/www/.htsecure) { rewrite ^(.*)$ https://$host permanent; }
# Include parameters common to all websites
include bx/conf/bitrix.conf;
# Include server monitoring locations
include bx/server_monitor.conf;
}
s1_ssl.conf
# Default SSL certificate enabled website
server {
listen 443 default_server ssl;
server_name test.com;
# Enable SSL connection
include bx/conf/ssl.conf;
server_name_in_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host:443;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header HTTPS YES;
set $proxyserver "http://127.0.0.1:8888";
set $docroot "/home/bitrix/www";
index index.php;
root /home/bitrix/www;
# Include parameters common to all websites
include bx/conf/bitrix.conf;
# Include server monitoring API's
include bx/server_monitor.conf;
}
当我尝试 link http://test.com/xyz/ or https://test.com/xyz/ all is OK. But when I try link like http://test.com/xyz or https://test.com/xyz 我得到
400 Bad Request,纯 HTTP 请求发送到 HTTPS 端口
这个卷曲输出:
curl -I -k https://test.com/xyz
HTTP/1.1 301 Moved Permanently
Server: nginx/1.6.2
Date: Mon, 22 Feb 2016 09:13:28 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: http://test.com:443/xyz/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
为什么协议更改为 http?
你忘了说对 http://test.com/xyz 的引用是目录。
什么是恶:mod_dir
A "trailing slash" redirect is issued when the server receives a
request for a URL http://servername/foo/dirname where dirname is a
directory. Directories require a trailing slash, so mod_dir issues a
redirect to http://servername/foo/dirname/.
对他来说 "HTTPS on" 不起作用,计划 https:// not be
应该做什么:
1) nginx 配置不要触及任何东西
2) 在您域的 httpd 配置中,例如:
/etc/httpd/bx/conf/bx_ext_site.local.conf
其中字符串包含您的服务器名称,例如:
服务器名称site.local
补充如下:https://
是这样的:
服务器名称https://site.local
这就是你所需要的
无需任何重定向即可运行
意味着问题隐藏在手册中http://httpd.apache.org/docs/2.2/mod/core.html#servername
Sometimes, the server runs behind a device that processes SSL, such as
a reverse proxy, load balancer or SSL offload appliance. When this is
the case, specify the https:// scheme and the port number to which the
clients connect in the ServerName directive to make sure that the
server generates the correct self-referential URLs.
我正在使用以下设置:
s1.conf
# Default website
server {
listen 80;
server_name test.com www.test.com;
return 301 https://test.com$request_uri; # enforce https
server_name_in_redirect off;
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log warn;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host:80;
proxy_set_header< X-Forwarded-Host $http_host
set $proxyserver "http://127.0.0.1:8888";
set $docroot "/home/bitrix/www";
index index.php;
root /home/bitrix/www;
# Redirect to ssl if need
if (-f /home/bitrix/www/.htsecure) { rewrite ^(.*)$ https://$host permanent; }
# Include parameters common to all websites
include bx/conf/bitrix.conf;
# Include server monitoring locations
include bx/server_monitor.conf;
}
s1_ssl.conf
# Default SSL certificate enabled website
server {
listen 443 default_server ssl;
server_name test.com;
# Enable SSL connection
include bx/conf/ssl.conf;
server_name_in_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host:443;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header HTTPS YES;
set $proxyserver "http://127.0.0.1:8888";
set $docroot "/home/bitrix/www";
index index.php;
root /home/bitrix/www;
# Include parameters common to all websites
include bx/conf/bitrix.conf;
# Include server monitoring API's
include bx/server_monitor.conf;
}
当我尝试 link http://test.com/xyz/ or https://test.com/xyz/ all is OK. But when I try link like http://test.com/xyz or https://test.com/xyz 我得到 400 Bad Request,纯 HTTP 请求发送到 HTTPS 端口
这个卷曲输出:
curl -I -k https://test.com/xyz
HTTP/1.1 301 Moved Permanently
Server: nginx/1.6.2
Date: Mon, 22 Feb 2016 09:13:28 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: http://test.com:443/xyz/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
为什么协议更改为 http?
你忘了说对 http://test.com/xyz 的引用是目录。
什么是恶:mod_dir
A "trailing slash" redirect is issued when the server receives a request for a URL http://servername/foo/dirname where dirname is a directory. Directories require a trailing slash, so mod_dir issues a redirect to http://servername/foo/dirname/.
对他来说 "HTTPS on" 不起作用,计划 https:// not be
应该做什么:
1) nginx 配置不要触及任何东西
2) 在您域的 httpd 配置中,例如: /etc/httpd/bx/conf/bx_ext_site.local.conf
其中字符串包含您的服务器名称,例如: 服务器名称site.local
补充如下:https://
是这样的: 服务器名称https://site.local
这就是你所需要的
无需任何重定向即可运行
意味着问题隐藏在手册中http://httpd.apache.org/docs/2.2/mod/core.html#servername
Sometimes, the server runs behind a device that processes SSL, such as a reverse proxy, load balancer or SSL offload appliance. When this is the case, specify the https:// scheme and the port number to which the clients connect in the ServerName directive to make sure that the server generates the correct self-referential URLs.