这里要注意的是:nginx 没有单独配置中级证书的参数,所以根证书和证书文件需要合并成一个文件来配置(站点证书在前,证书链在后)。这一点和 apache 有点区别:apache 有相应的参数可以配置证书链文件,nginx 没有。证书链文件建议配置上去。
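# Build the single bundle that nginx loads through ssl_certificate.
# Order matters: the site certificate comes first, the CA chain after it.
# File names are spelled consistently here (the original mixed "domain" and "domian").
cat domain.crt domain.ca > domain.pem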
 

写2个server,80端口用return 301跳转即可。
cat domain-80.conf
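# Port-80 virtual host: plain HTTP exists only to move clients to HTTPS.
server {
    listen IP:80;
    server_name DOMAIN;

    # Hosts with two labels (e.g. example.com) are redirected to
    # https://www.<host>/<path>. $host is taken from the request, so if this
    # server is also the default server for IP:80, the redirect target follows
    # whatever Host header the client sent. Keep a separate catch-all default
    # server, or hard-code the host name in the rewrite target.
    if ( $host ~* ^[a-zA-Z0-9\-]+\.([a-zA-Z0-9]+)?$ ){
        rewrite ^/(.*)$ https://www.$host/$1 permanent;
    }
    index index.php index.html index.htm;

    location / {
        # "return" ends request processing in the rewrite phase, so the
        # limit_req / proxy_set_header / proxy_pass directives that used to
        # follow it here could never run and have been dropped.
        return 301 https://domain$request_uri;
    }

    # Archive and installer downloads. A regex location wins over "location /",
    # so these requests are NOT redirected: they are still proxied and served
    # over clear-text HTTP. Move this block to the 443 server if downloads
    # should be HTTPS-only.
    # (The original pattern contained "tbz||zip"; the empty alternative also
    # matched any URI ending in a bare dot.)
    location ~* ^.+\.(gz|tar|tgz|tbz|zip|xz|bz2|rar|7z|sql|exe|dll|msi|iso|pdf)$ {
        # Zone "conn" must be declared with limit_conn_zone in the http block
        # (not shown on this page).
        limit_conn conn 2;
        limit_rate 200k;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        # $proxy_add_x_forwarded_for keeps whatever X-Forwarded-For the client
        # sent and appends $remote_addr; only the last entry is trustworthy.
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
        # Static value forwarded to the backend; it looks like a shared secret
        # (confirm with the backend owner). If so, restrict read access to
        # this file, use a placeholder when publishing the config, and note
        # that it crosses the proxy->backend hop unencrypted.
        proxy_set_header AUTHZH aGZoZjg12321Zoc2FmaDk4;
        proxy_pass http://ip:80;
    }

    # Static error pages are served from nginx's own html directory.
    location ~* ^/(403|500|503)\.html { root html; }
}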



cat domain.com.conf
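# HTTPS virtual host: terminates TLS and proxies requests to the backend.
server {
    # The "ssl" listen parameter replaces the deprecated "ssl on;" directive.
    listen          IP:443 ssl;
    server_name     domain;
    index           index.php index.html index.htm;

    # Bundle file: site certificate first, CA chain after it.
    # Paths are the page's placeholders; substitute the real directory names.
    ssl_certificate /usr/local/nginx/conf/ssl/DOMINA/DOMAIN.pem;
    # Private key: keep it readable only by the user that starts nginx.
    ssl_certificate_key /usr/local/nginx/conf/ssl/domain/domain.key;
    ssl_session_timeout    5m;
    # SSLv2, SSLv3 and TLSv1.0 have known protocol weaknesses and are no
    # longer offered. Remove TLSv1.3 if the nginx/OpenSSL build lacks it.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_prefer_server_ciphers   on;

    # Since port 80 only redirects here, consider adding a
    # Strict-Transport-Security response header once HTTPS is verified.

    location / {
        proxy_redirect          off;
        proxy_set_header        Host $host;
        # X-Real-IP carries the connecting peer address only. The original
        # used $proxy_add_x_forwarded_for, which includes any X-Forwarded-For
        # value the client chose to send.
        proxy_set_header        X-Real-IP $remote_addr;
        # The next two headers still contain the client-supplied list; a
        # backend that reads them should trust only the last entry.
        proxy_set_header        CLIENT_IP $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        # Static value forwarded to the backend; it looks like a shared secret
        # (confirm with the backend owner). If so, restrict read access to
        # this file and use a placeholder when publishing the config.
        proxy_set_header        AUTHZH aGZoZjg5N34Y3Zoc2FmaDk4;
        # Tells the backend the client connection was HTTPS. The underscore
        # spelling is kept as the backend presumably expects this exact name.
        proxy_set_header        X_FORWARDED_PROTO  https;
        # The proxy->backend hop is plain HTTP: TLS ends at this server, so
        # that network segment must be trusted.
        proxy_pass http://IP;
    }

    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}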