Redirect all HTTP requests to HTTPS with Nginx

最新推荐文章于 2022-05-09 09:33:00 发布
最新推荐文章于 2022-05-09 09:33:00 发布
阅读量682 收藏
点赞数
分类专栏: nginx

https://www.bjornjohansen.no/redirect-to-https-with-nginx


All login credentials transferred over plain HTTP can easily be sniffed by an MITM attacker, but is is not enough to encrypt the login forms. If you are visiting plain HTTP pages while logged in, your session can be hijacked, and not even two-factor authentication will protect you. To protect all info sent between your visitors – which includes you – and your web server, we will redirect all requests that are coming over plain HTTP to the HTTPS equivalent.

It is not really necessary to use HTTPS for absolutely all requests, but it makes your life much easier to just handle one scheme and redirect all plain HTTP traffic to the equivalent HTTPS resource. So please make sure you setup HTTPS for the same hostname that you use for plain HTTP. Do NOT use secure.example.com if your regular hostname is example.com or www.example.com. The only difference should be the scheme – nothing else. This will save you from a lot of headaches further down the road.

  1. Setup HTTPS on Nginx
  2. Optimize HTTPS on Nginx and get an A+ score on the SSLlabs test.
  3. Optionally, set up HTTP Public Key Pinning (HPKP)
  4. Redirect all HTTP traffic to HTTPS in your Nginx config: 
    server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name _;
	return 301 https://$host$request_uri;
}

Now all traffic for http://example.com/foobar is redirected to https://example.com/foobar. Please note that while this works fine for GET requests, the postdata is not sent to the new URL for POST requests. This is usually not an issue if you’re using WordPress – at least not if your website is coded somewhat properly – as all your forms should use the URL WordPress is configured to use.

The redirect response is sent with the HTTP status code 301, which tells the browser (and search engines) that this a permanent redirect. This makes the browser remember the redirect, so that next time they visit, the browser will do the redirect internally. If you set the HSTS header – which you should – the browser will even do this for every single request to your domain.

Note that the above is a very general purpose Nginx config that will redirect all hostnames on the server. You are free to specify the specific hostnames you want to have redirected. Also: If you’re a little paranoid – which is not a bad thing in web security – you will note that it’s using the Nginx $host variable. This variable can be set by the HTTP Host header – provided by the client. It is most likely safe to use in this manner, but as a principle, it’s better to play it safe by using variables we set ourselves:

server {
	listen 80 default_server;
	listen [::]:80 default_server;
	server_name example.com www.example.com;
	return 301 https://$server_name$request_uri;
}

We do have to use the $request_uri variable – which we have very little control over. To remove malicious request URIs, you should look into getting a WAF (Web Application Firewall).


雜貨鋪老闆
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
专栏目录
Nginx上部署HTTPS + HTTP2
熊猫猛男
07-17 2366
Nginx上部署HTTPS依赖OpenSSL库和包含文件,即须先安装好libssl-dev(或者OpenSSL),且ln -s /usr/lib/x86_64-linux-gnu/libssl.so  /usr/lib/,然后在编译配置Nginx时要指定--with-http_ssl_module和--with-http_v2_module。另外,若要在本地运行openssl命令,要安装OpenS
Nginx 配置 HTTPS
@日月空@的博客
06-05 164
文章目录HTTPHTTPSHTTPS介绍SSL介绍安装 Nginx 的 SSL 模块自签名证书openssl创建证书申请证书下载证书到本地上传证书到服务器修改配置文件设置HTTP请求自动跳转HTTPS(可选项)重启 Nginx错误解决方案验证是否安装成功HTTPS 其他优化优化CPU消耗使用HSTS优化安全性其他安全优化优化总结示例 HTTPHTTPS 超文本传输协议HTTP协议被用于在Web浏览器和网站服务器之间传递信息, HTTP协议以明文方式发送内容,不提供任何方式的数据加密,如果攻击者截
网站重定向-http怎么重定向到https最全解决方案
热门推荐
jackbon8的博客
11-28 3万+
前言: 本教程主要是对 网站http重定向到https,其中包括目前市面上常用各种服务器环境(Apache,Ngnix,IIS7系列)设置方法。 下面不啰嗦,直接上干货!!! 第一“IIS7” 环境中的设置方法 1.下载安装IIS的URL重写模块:Microsoft URL Rewrite Module 下载链接↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓↓ 如果你电脑是32位的点击我下载吧 如果你服务器是6...
Redirect http to https
jeff lee的专栏
10-11 554
A quick overview of doing redirects from non-ssl to ssl websites. Ed. Note: While you should be able to do this in the 10.4 webGUI, you were unable do this in earlier versions of OS X Server. That'
nginx访问http跳转到https上的配置
weixin_43652507的博客
05-09 2003
nginx访问http跳转到https上的配置
request重定向_F5 http to https重定向
weixin_39940957的博客
12-19 1801
HTTP to HTTPS redirect设置http to https重定向iRule脚本# HTTP_to_HTTPS_iRule ​ when HTTP_REQUEST { HTTP::redirect "https://[HTTP::host][HTTP::uri]" } ​ # Factory F5 https redirect iRule ​ when HTTP_RE...
https 配置文件
V_1920的博客
11-16 599
server { #listen 80 ; listen 443 ssl; server_name wx; ssl_certificate /usr/local/nginx/cert/4237704_wx.frcsys.cn.pem; ssl_certificate_key /usr/local/nginx/cert/4237704_wx.frcsys.cn.key; ssl_se...
python中requestshttps使用简单示例
09-20
主要介绍了python中requestshttps使用简单示例,具有一定借鉴价值,需要的朋友可以参考下
nginx-http-stub-requests
05-24
$ wget https://github.com/atomx/nginx-http-stub-requests/archive/v1.0.1.tar.gz 解压缩模块的源代码: $ tar xzf nginx-http-stub-requests-1.0.1.tar.gz 转到包含nginx源的目录,使用所需的选项运行配置脚本,...
Python使用requests提交HTTP表单的方法
09-19
`requests`库是一个强大的、用户友好的HTTP客户端库,它简化了发送HTTP请求的过程。本篇文章将详细讲解如何使用`requests`库来提交HTTP表单。 首先,让我们了解HTTP表单的基本概念。HTTP表单是网页上用于用户输入...
python用requests实现http请求代码实例
09-18
在Python编程中,`requests`库是一个非常常用且强大的库,用于发送HTTP请求。它提供了简单易用的接口,使得处理网络数据变得轻而易举。以下是对标题和描述中所述知识点的详细解释: 1. **GET请求**: - `requests....
Requests-HTTP库.zip
07-11
Requests-1.7.0HTTP库是一个PHP的HTTP类库。相对于cURL等类库来说,它具有简单易用且友好的API,且不依赖于cURL。它支持HEAD、 GET、 POST、 PUT、 DELETE和PATCH等方法,基本能满足任何形式的HTTP请求。Requests不...
Nginx https支持配置
huangbaokang的博客
09-25 840
server { listen 443; server_name XX.XXzhihui.com; ssl on; ssl_certificate 1_XX.XXzhihui.com_bundle.crt; ssl_certificate_key 2_XX.XXzhihui.com.key; ssl_se
https redirecthttp 的解决方式
疯狂小草的博客
01-06 1万+
问题描述 网站是https的,但是使用了HttpServletResponse.sendRedirect的方法,使相对路径的地址跳转到了http网址(80端口),而不是https(443端口)。 导致了很多问题,例如(用户一次请求,结果多次才能访问上,影响体验、http被访问,其实不被希望、被安全的浏览器认为你在反复重定向,直接kill你的请求!) 看了一些博客,下面是总结的解决方案 解决方案...
nginxhttp重定向到https
大白菜
04-24 6650
使用nginxhttp重定向到https 背景: 1、没有加S的网页容易被嵌入广告 2、没有www的网页,微信支付调用不起来,够坑吧! 解决方案: 1、将http重定向到https 2、将 domain.com 跳转到 www.domain.com 必备知识: 1、http 默认为 80 端口 2、https 默认为 443 端口 ...
tomcat配置重定向_在Tomcat上配置SSL以及从HTTPHTTPS的设置自动重定向的步骤
从零开始的教程世界
07-09 2502
tomcat配置重定向Secured Socket Layer (SSL) is the cryptography protocol to provide message security over the Internet. It works on the notion of Private and Public keys and messages are encrypted before se...
oneinstack在配置ssl的时候nginx: [error] open() "/var/run/nginx.pid" failed (2: No such file or directory)
Fall_In_Love_With的博客
05-17 462
在配置HTTPS的时候:Do you want to redirect all HTTP requests to HTTPS? [y/n]: y 输入了y,出现了 nginx: [error] open() "/var/run/nginx.pid" failed (2: No such file or directory) 遇到这个问题进入nginx.conf的文件目录下运行语句:nginx...
nginx 代理https后,应用redirect https变成http --转
05-05 474
原文地址:http://blog.sina.com.cn/s/blog_56d8ea900101hlhv.html 情况说明nginx配置https,tomcat正常http接受nginx转发。nginx 代理https后,(java代码redirect地址)应用redirect https变成http情况类似http://2hei.net/mt/2010/02/request-get...
JavaScript 音乐播放器及其源代码.zip
最新发布
07-22
项目:带有源代码的 JavaScript 音乐播放器 JavaScript 音乐播放器是一个使用 JavaScript、CSS 和 HTML 开发的简单项目。这个项目很有趣。在这里,用户可以通过单击不同颜色的图块来播放不同类型的曲调,并欣赏音乐的声音。此外,用户可以像钢琴一样使用它们来生成不同的曲调。   项目制作 音乐播放器项目仅包含 HTML、CSS 和 JavaScript。谈到该系统的功能,用户可以播放不同类型的音乐。您只需单击不同颜色的图块即可收听音乐。该项目包含大量 JavaScript,用于使项目正常运行。 如何运行该项目? 要运行此项目,您不需要任何类型的本地服务器,但需要浏览器。我们建议您使用现代浏览器,如 Google Chrome 和 Mozilla Firefox。要运行此系统,首先,通过单击 index.html 文件在浏览器中打开项目。 演示: 该项目为国外大神项目,可以作为毕业设计的项目,也可以作为大作业项目,不用担心代码重复,设计重复等,如果需要对项目进行修改,需要具备一定基础知识。 注意:如果装有360等杀毒软件,可能会出现误报的情况,源码本身并无病毒,使用源码时可以关闭360,或者添加信任。
nginx 配置httphttps兼容问题
08-04
通过在nginx配置文件中添加Content-Security-Policy头,并将其值设置为upgrade-insecure-requests,可以实现http请求的自动升级为https。这样,在访问http网页时,浏览器会自动将请求升级为https,而不会报错。[1][2...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值