NGINX 将单个 HTTPS URL 重写为 HTTP
NGINX Rewrite single HTTPS URL to HTTP
在我的 NGINX 服务器上,我将所有非 SSL 流量重定向到我的 SSL 站点。
现在,我想从中排除一个 URL,具体来说:
https://pyronexus.com/forum/pages.php 以及附加到 pages.php 的所有内容,例如 pages.php?page=blahblah 重定向到 http://pyronexus.com/forum/pages.php等
到目前为止,我的配置文件看起来像这样,但我没有运气让我重写这个 url 工作。
server {
server_name
www.pyronexus.com
;
listen 80 default;
listen 443 ssl;
ssl_certificate ssl/pyronexus.com.crt;
ssl_certificate_key ssl/pyronexus.com.key;
return 301 https://pyronexus.com$request_uri;
}
server {
server_name
pyronexus.com
;
listen 80;
listen 443 default ssl;
ssl_certificate ssl/pyronexus.com.crt;
ssl_certificate_key ssl/pyronexus.com.key;
root /home/nginx/pyronexus.com/public;
index index.html index.php;
access_log /home/nginx/pyronexus.com/logs/access.log;
error_log /home/nginx/pyronexus.com/logs/error.log;
include php.conf;
include mime.types;
location /forum/ {
#include pyronexus-naxsi.rules;
rewrite ^/forum/forum-([0-9]+)\.html$ /forum/forumdisplay.php?fid=;
rewrite ^/forum/forum-([0-9]+)-page-([0-9]+)\.html$ /forum/forumdisplay.php?fid=&page=;
rewrite ^/forum/thread-([0-9]+)\.html$ /forum/showthread.php?tid=;
rewrite ^/forum/thread-([0-9]+)-page-([0-9]+)\.html$ /forum/showthread.php?tid=&page=;
rewrite ^/forum/thread-([0-9]+)-lastpost\.html$ /forum/showthread.php?tid=&action=lastpost;
rewrite ^/forum/thread-([0-9]+)-nextnewest\.html$ /forum/showthread.php?tid=&action=nextnewest;
rewrite ^/forum/thread-([0-9]+)-nextoldest\.html$ /forum/showthread.php?tid=&action=nextoldest;
rewrite ^/forum/thread-([0-9]+)-newpost\.html$ /forum/showthread.php?tid=&action=newpost;
rewrite ^/forum/thread-([0-9]+)-post-([0-9]+)\.html$ /forum/showthread.php?tid=&pid=;
rewrite ^/forum/post-([0-9]+)\.html$ /forum/showthread.php?pid=;
rewrite ^/forum/announcement-([0-9]+)\.html$ /forum/announcements.php?aid=;
rewrite ^/forum/user-([0-9]+)\.html$ /forum/member.php?action=profile&uid=;
rewrite ^/forum/calendar-([0-9]+)\.html$ /forum/calendar.php?calendar=;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)\.html$ /forum/calendar.php?action=yearview&calendar=&year=;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)\.html$ /forum/calendar.php?calendar=&year=&month=;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)-day-([0-9]+)\.html$ /forum/calendar.php?action=dayview&calendar=&year=&month=&day=;
rewrite ^/forum/calendar-([0-9]+)-week-(n?[0-9]+)\.html$ /forum/calendar.php?action=weekview&calendar=&week=;
rewrite ^/forum/event-([0-9]+)\.html$ /forum/calendar.php?action=event&eid=;
rewrite ^/forum/archive/index\.php/forum-([0-9]+)\.html$ /forum/archive/index.php?forum-.html;
rewrite ^/forum/archive/index\.php/thread-([0-9]+)\.html$ /forum/archive/index.php?thread-.html;
}
location ~ /forum/(inc) {
deny all;
}
}
我尝试过的重写规则是这样的,但我仍在了解这些规则的工作原理:
rewrite ^https://pyronexus.com/forum/pages\.php(.*)$ http://pyronexus.com/forum/pages.php;
打开你网站的配置,我的是/etc/nginx/sites-enabled/pyronexus.com。
添加以下服务器指令,根据需要调整变量:
server {
server_name
www.your-site.com
;
listen 80;
listen 443 ssl;
ssl_certificate ssl/your-certificate.crt;
ssl_certificate_key ssl/your-certificate.key;
return 301 https://your-site.com$request_uri;
}
此指令将强制所有 www 连接(无论是通过 SSL 还是非 SSL)连接到非 www。
添加另一个指令。尽管在此指令中您可以添加任何您不想启用 SSL 的页面排除项。在 location ~ / {} 指令之前添加它们(我在其中包含了一个示例,它从 HTTPS 连接中排除了 http://your-site.com/forum/pages.php):
server {
server_name
your-site.com
;
listen 80 default;
root /your/site/root;
access_log /your/logs/location/access.log;
error_log /your/logs/location/error.log;
include global.conf;
# This excludes forum/pages.php from being forced through HTTPS
location ~ ^/forum/pages\.php$ {
include php.conf;
}
# This will force any http:// connections through https://
location ~ / {
return 301 https://your-site.com$request_uri;
}
}
添加第三个也是最后一个指令。这是处理所有 SSL 连接的指令。您还需要将上面放置的任何排除项也放在这里,并将人们重定向到 http 连接:
server {
server_name
your-site.com
;
listen 443 default ssl;
ssl_certificate ssl/your-site.crt;
ssl_certificate_key ssl/your-site.key;
root /your/site/root;
access_log /your/logs/location/access.log;
error_log /your/logs/location/error.log;
include global.conf;
# This will force forum/pages.php through http://
location ~ ^/forum/pages\.php$ {
return 301 http://your-site.com$request_uri;
}
include php.conf;
}
就是这样!测试您的配置!
如果您想知道我的 global.conf 和 php.conf 里有什么,那么它们是:
global.conf:
# Tries to access the file directly before handing over to index.php
location / {
try_files $uri $uri/ /index.php?$args;
}
# Exclude common static file formats from logging and cache as long as possible
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|txt)$ {
access_log off;
log_not_found off;
expires max;
}
# Deny access to files that start with a dot, such as .htaccess
location ~ /\. {
deny all;
}
# Deny access to php files in folders named uploads and files (this is to prevent people uploading php files and executing them)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
php.conf:
# Pass all php files to php5-fpm
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
}
来源:https://pyronexus.com/blog/2015/01/11/nginx-remove-www-and-force-ssl-connections/
在我的 NGINX 服务器上,我将所有非 SSL 流量重定向到我的 SSL 站点。
现在,我想从中排除一个 URL,具体来说: https://pyronexus.com/forum/pages.php 以及附加到 pages.php 的所有内容,例如 pages.php?page=blahblah 重定向到 http://pyronexus.com/forum/pages.php等
到目前为止,我的配置文件看起来像这样,但我没有运气让我重写这个 url 工作。
server {
server_name
www.pyronexus.com
;
listen 80 default;
listen 443 ssl;
ssl_certificate ssl/pyronexus.com.crt;
ssl_certificate_key ssl/pyronexus.com.key;
return 301 https://pyronexus.com$request_uri;
}
server {
server_name
pyronexus.com
;
listen 80;
listen 443 default ssl;
ssl_certificate ssl/pyronexus.com.crt;
ssl_certificate_key ssl/pyronexus.com.key;
root /home/nginx/pyronexus.com/public;
index index.html index.php;
access_log /home/nginx/pyronexus.com/logs/access.log;
error_log /home/nginx/pyronexus.com/logs/error.log;
include php.conf;
include mime.types;
location /forum/ {
#include pyronexus-naxsi.rules;
rewrite ^/forum/forum-([0-9]+)\.html$ /forum/forumdisplay.php?fid=;
rewrite ^/forum/forum-([0-9]+)-page-([0-9]+)\.html$ /forum/forumdisplay.php?fid=&page=;
rewrite ^/forum/thread-([0-9]+)\.html$ /forum/showthread.php?tid=;
rewrite ^/forum/thread-([0-9]+)-page-([0-9]+)\.html$ /forum/showthread.php?tid=&page=;
rewrite ^/forum/thread-([0-9]+)-lastpost\.html$ /forum/showthread.php?tid=&action=lastpost;
rewrite ^/forum/thread-([0-9]+)-nextnewest\.html$ /forum/showthread.php?tid=&action=nextnewest;
rewrite ^/forum/thread-([0-9]+)-nextoldest\.html$ /forum/showthread.php?tid=&action=nextoldest;
rewrite ^/forum/thread-([0-9]+)-newpost\.html$ /forum/showthread.php?tid=&action=newpost;
rewrite ^/forum/thread-([0-9]+)-post-([0-9]+)\.html$ /forum/showthread.php?tid=&pid=;
rewrite ^/forum/post-([0-9]+)\.html$ /forum/showthread.php?pid=;
rewrite ^/forum/announcement-([0-9]+)\.html$ /forum/announcements.php?aid=;
rewrite ^/forum/user-([0-9]+)\.html$ /forum/member.php?action=profile&uid=;
rewrite ^/forum/calendar-([0-9]+)\.html$ /forum/calendar.php?calendar=;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)\.html$ /forum/calendar.php?action=yearview&calendar=&year=;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)\.html$ /forum/calendar.php?calendar=&year=&month=;
rewrite ^/forum/calendar-([0-9]+)-year-([0-9]+)-month-([0-9]+)-day-([0-9]+)\.html$ /forum/calendar.php?action=dayview&calendar=&year=&month=&day=;
rewrite ^/forum/calendar-([0-9]+)-week-(n?[0-9]+)\.html$ /forum/calendar.php?action=weekview&calendar=&week=;
rewrite ^/forum/event-([0-9]+)\.html$ /forum/calendar.php?action=event&eid=;
rewrite ^/forum/archive/index\.php/forum-([0-9]+)\.html$ /forum/archive/index.php?forum-.html;
rewrite ^/forum/archive/index\.php/thread-([0-9]+)\.html$ /forum/archive/index.php?thread-.html;
}
location ~ /forum/(inc) {
deny all;
}
}
我尝试过的重写规则是这样的,但我仍在了解这些规则的工作原理:
rewrite ^https://pyronexus.com/forum/pages\.php(.*)$ http://pyronexus.com/forum/pages.php;
打开你网站的配置,我的是/etc/nginx/sites-enabled/pyronexus.com。 添加以下服务器指令,根据需要调整变量:
server { server_name www.your-site.com ; listen 80; listen 443 ssl; ssl_certificate ssl/your-certificate.crt; ssl_certificate_key ssl/your-certificate.key; return 301 https://your-site.com$request_uri; }此指令将强制所有 www 连接(无论是通过 SSL 还是非 SSL)连接到非 www。
添加另一个指令。尽管在此指令中您可以添加任何您不想启用 SSL 的页面排除项。在 location ~ / {} 指令之前添加它们(我在其中包含了一个示例,它从 HTTPS 连接中排除了 http://your-site.com/forum/pages.php):
server { server_name your-site.com ; listen 80 default; root /your/site/root; access_log /your/logs/location/access.log; error_log /your/logs/location/error.log; include global.conf; # This excludes forum/pages.php from being forced through HTTPS location ~ ^/forum/pages\.php$ { include php.conf; } # This will force any http:// connections through https:// location ~ / { return 301 https://your-site.com$request_uri; } }添加第三个也是最后一个指令。这是处理所有 SSL 连接的指令。您还需要将上面放置的任何排除项也放在这里,并将人们重定向到 http 连接:
server { server_name your-site.com ; listen 443 default ssl; ssl_certificate ssl/your-site.crt; ssl_certificate_key ssl/your-site.key; root /your/site/root; access_log /your/logs/location/access.log; error_log /your/logs/location/error.log; include global.conf; # This will force forum/pages.php through http:// location ~ ^/forum/pages\.php$ { return 301 http://your-site.com$request_uri; } include php.conf; }
就是这样!测试您的配置!
如果您想知道我的 global.conf 和 php.conf 里有什么,那么它们是:
global.conf:
# Tries to access the file directly before handing over to index.php
location / {
try_files $uri $uri/ /index.php?$args;
}
# Exclude common static file formats from logging and cache as long as possible
location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf|txt)$ {
access_log off;
log_not_found off;
expires max;
}
# Deny access to files that start with a dot, such as .htaccess
location ~ /\. {
deny all;
}
# Deny access to php files in folders named uploads and files (this is to prevent people uploading php files and executing them)
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
php.conf:
# Pass all php files to php5-fpm
location ~ \.php$ {
try_files $uri =404;
include fastcgi_params;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
}
来源:https://pyronexus.com/blog/2015/01/11/nginx-remove-www-and-force-ssl-connections/