Nginx 服务器 http 到 https
Nginx Server http to https
我在我的 nodeJS 服务器上安装了 NginX,并且已经进行了 Certbot SSL 身份验证。
一切正常,但是当我删除 cookie 并转到页面时,它会加载到 http。
有没有办法重定向到 https?
当我写“return 301 https://maarath.com$request_uri;”时,它会出错:重定向太多。
有人有什么想法吗?
我的配置:
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
}
感谢您的回答。
您是否在使用 nginx 的 certbot 插件?它看起来不像。你应该删除这部分
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
并清理您的配置以仅侦听端口 80。
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
重新加载 nginx nginx -s reload
运行 certbot sudo certbot --nginx
这应该会为您创建正确的配置。
就我个人而言,我永远!!将 http 和 https 流量拆分为两个服务器块,如
server {
listen 80;
server_name example.com;
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 443;
server_name example.com;
.....
}
如果您不是 100% 了解如何自行管理配置和证书,我真的建议您使用该插件来管理 NGINX 配置。使用 certbot 只需 2 分钟即可使其正常工作。
在此处阅读更多内容:https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal
我在我的 nodeJS 服务器上安装了 NginX,并且已经进行了 Certbot SSL 身份验证。 一切正常,但是当我删除 cookie 并转到页面时,它会加载到 http。 有没有办法重定向到 https? 当我写“return 301 https://maarath.com$request_uri;”时,它会出错:重定向太多。 有人有什么想法吗? 我的配置:
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
}
感谢您的回答。
您是否在使用 nginx 的 certbot 插件?它看起来不像。你应该删除这部分
listen 443 ssl; # managed by Certbot
server_name ujhonlapod.hu www.ujhonlapod.hu;
ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
add_header Content-Security-Policy upgrade-insecure-requests;
并清理您的配置以仅侦听端口 80。
server {
listen 80;
server_name ujhonlapod.hu www.ujhonlapod.hu;
location / {
proxy_pass http://localhost:3000; # Change the port if needed
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
}
}
重新加载 nginx nginx -s reload
运行 certbot sudo certbot --nginx
这应该会为您创建正确的配置。
就我个人而言,我永远!!将 http 和 https 流量拆分为两个服务器块,如
server {
listen 80;
server_name example.com;
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
}
server {
listen 443;
server_name example.com;
.....
}
如果您不是 100% 了解如何自行管理配置和证书,我真的建议您使用该插件来管理 NGINX 配置。使用 certbot 只需 2 分钟即可使其正常工作。
在此处阅读更多内容:https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal