使用 Nginx 仅将桌面流量重定向到 HTTPS
Redirect only desktop traffic to HTTPS with Nginx
我试图强制仅将桌面(非移动)流量重定向到 HTTPS。我使用 Nginx,然后为这个特定域反向代理到 Apache。这是我当前的配置:
server {
server_name example.com www.example.com;
location / {
proxy_pass http://EXAMPLE_IP:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
使用此 Nginx 代码:
- 访问 http://www.example.com 有效。
- 访问 https://www.example.com 有效。
如何添加执行用户代理检测和正确重定向的逻辑?
我确实发现了这段代码来检测非移动流量 - https://gist.github.com/perusio/1326701
我解决了!这是对我有用的:
### Testing if the client is a mobile or a desktop.
### The selection is based on the usual UA strings for desktop browsers.
## Testing a user agent using a method that reverts the logic of the
## UA detection. Inspired by notnotmobile.appspot.com.
map $http_user_agent $is_desktop {
default 0;
~*linux.*android|windows\s+(?:ce|phone) 0; # exceptions to the rule
~*spider|crawl|slurp|bot 1; # bots
~*windows|linux|os\s+x\s*[\d\._]+|solaris|bsd 1; # OSes
}
server {
server_name example.com www.example.com;
location / {
proxy_pass http://EXAMPLE_IP:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($is_desktop) {
set $redirection A;
}
if ($host = www.example.com) {
set $redirection "${redirection}B";
} # managed by Certbot
if ($host = example.com) {
set $redirection "${redirection}B";
} # managed by Certbot
if ($redirection = AB) {
return 301 https://$host$request_uri;
}
server_name example.com www.example.com;
listen 80;
location / {
proxy_pass http://EXAMPLE_IP:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
我试图强制仅将桌面(非移动)流量重定向到 HTTPS。我使用 Nginx,然后为这个特定域反向代理到 Apache。这是我当前的配置:
server {
server_name example.com www.example.com;
location / {
proxy_pass http://EXAMPLE_IP:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
使用此 Nginx 代码:
- 访问 http://www.example.com 有效。
- 访问 https://www.example.com 有效。
如何添加执行用户代理检测和正确重定向的逻辑?
我确实发现了这段代码来检测非移动流量 - https://gist.github.com/perusio/1326701
我解决了!这是对我有用的:
### Testing if the client is a mobile or a desktop.
### The selection is based on the usual UA strings for desktop browsers.
## Testing a user agent using a method that reverts the logic of the
## UA detection. Inspired by notnotmobile.appspot.com.
map $http_user_agent $is_desktop {
default 0;
~*linux.*android|windows\s+(?:ce|phone) 0; # exceptions to the rule
~*spider|crawl|slurp|bot 1; # bots
~*windows|linux|os\s+x\s*[\d\._]+|solaris|bsd 1; # OSes
}
server {
server_name example.com www.example.com;
location / {
proxy_pass http://EXAMPLE_IP:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($is_desktop) {
set $redirection A;
}
if ($host = www.example.com) {
set $redirection "${redirection}B";
} # managed by Certbot
if ($host = example.com) {
set $redirection "${redirection}B";
} # managed by Certbot
if ($redirection = AB) {
return 301 https://$host$request_uri;
}
server_name example.com www.example.com;
listen 80;
location / {
proxy_pass http://EXAMPLE_IP:8080;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}