42

我在 Nginx 中使用反向代理,我想强制请求进入 HTTPS,所以如果用户想使用 http 访问 url,他将自动重定向到 HTTPS。

我也在使用非标准端口。

这是我的 nginx 反向代理配置:

server {
    listen 8001  ssl;
    ssl_certificate /home/xxx/server.crt;
    ssl_certificate_key /home/xxx/server.key;
    location / {
        proxy_pass https://localhost:8000;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header  X-Forwarded-Proto  https;
    }
}

我尝试了很多事情,也阅读了有关它的帖子,包括这个 serverfault question,但到目前为止没有任何效果。

4

5 回答 5

94

发现一些运行良好的东西:

server {
        listen 8001  ssl;
        ssl_certificate /home/xxx/server.crt;
        ssl_certificate_key /home/xxx/server.key;
        error_page 497 301 =307 https://$host:$server_port$request_uri;
        location /{
            proxy_pass http://localhost:8000;
            proxy_redirect off;
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Ssl on;
        }
}
于 2013-03-15T15:09:41.077 回答
4

您确定您的解决方案有效吗?它正在监听 8001 ssl。它会接受http请求吗?

我这样做:

server {
    listen   80;
    server_name  yourhostname.com;

    location / {
            rewrite ^(.*) https://yourhostname.com:8001$1 permanent;
    }
}

然后是你的配置:

server {
    listen 8001  ssl;
    ssl_certificate /home/xxx/server.crt;
    ssl_certificate_key /home/xxx/server.key;
    location / {
        proxy_pass https://localhost:8000;
        proxy_redirect off;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Ssl on;
        proxy_set_header  X-Forwarded-Proto  https;
    }
}
于 2013-03-15T11:21:03.817 回答
2

这对我有用:

server {
listen       80;
server_name  localhost;
...
if ($http_x_forwarded_proto = "http") {
      return 301 https://$server_name$request_uri;
}
location / {
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_pass http://localhost:8080;
}

...
}
于 2018-06-06T20:28:32.693 回答
1

你可以

  1. 使用 $server_name 避免再次对您的域名进行硬编码(DRY),
  2. 使用 return 301 更容易阅读(网络开发人员应该知道这个 http 状态代码)

注意:我为 https 服务器设置了 443。如果你真的想听,你可以听 8001。

server {
    listen   80;
    server_name  your_hostname.com;

    return 301 https://$server_name$request_uri;
}
...
server {
    listen 443 ssl;
    server_name your_hostname.com
    ...
}
于 2013-03-15T11:47:30.867 回答
0

这是我的方法,我认为它很干净,并且允许您在需要时添加更多位置。我在 $http_x_forwarded_proto 属性上添加了一个测试,如果为真,则在 NGINX 反向代理设置上强制所有 HTTP 流量到 HTTPS

upstream flask_bootstrap {
    server flask-bootstrap:8000;
}

server {
    # SSL traffic terminates on the Load Balancer so we only need to listen on port 80
    listen 80;

    # Set reverse proxy
    location / {
        proxy_pass http://flask_bootstrap;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_redirect http://localhost/;

        # Permanently redirect any http calls to https
        if ($http_x_forwarded_proto != 'https') {
            return 301 https://$host$request_uri;
        }
    }
}
于 2020-01-25T15:19:54.890 回答