0

我正在为nginx使用以下配置文件,它适用于 Chrome,但不适用于 Firefox。使用 Firefox,我收到以下错误:

"Firefox has detected that the server is redirecting the request for 
this address in a way that will never complete."

如果 Firefox 没有帮助,请清除 cookie 和缓存。

upstream dev_server {
  server 127.0.0.1:8100 fail_timeout=0;
}

server {
  listen 80;
  server_name subdomain.pro.domain.com;
  location /blog {
    proxy_pass http://dev_server;

    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

    proxy_set_header  Accept-Encoding "";
    proxy_set_header  Host $host;
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    add_header        Front-End-Https   on;

    proxy_redirect    off;
  }
  location / {
    rewrite     ^(.*)$ https://subdomain.pro.domain.com$1;
  }
}

server {
  listen              443;
  ssl                 on;
  server_name         subdomain.pro.domain.com;

  ssl_certificate     /etc/nginx/star.pro.domain.com.crt;
  ssl_certificate_key /etc/nginx/star.pro.domain.com.key;

  ### SSL settings here ###
  ssl_protocols       SSLv3 TLSv1 TLSv1.1 TLSv1.2;
  ssl_ciphers         RC4:HIGH:!aNULL:!MD5;
  ssl_prefer_server_ciphers on;
  keepalive_timeout   60;
  ssl_session_cache   shared:SSL:10m;
  ssl_session_timeout 10m;

  add_header Strict-Transport-Security max-age=500;

  location /blog {
    rewrite     ^(.*)$ http://subdomain.pro.domain.com$1;
  }

  location / {
    proxy_pass http://dev_server;

    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;

    proxy_set_header  Accept-Encoding "";
    proxy_set_header  Host $http_host;
    proxy_set_header  X-M-Secure "true";
    proxy_set_header  X-Real-IP $remote_addr;
    proxy_set_header  X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header  X-Forwarded-Proto $scheme;
    add_header        Front-End-Https   on;
    proxy_max_temp_file_size 0;

    proxy_redirect    off;
  }
}
4

1 回答 1

1

发现问题。

因为 /blog 重定向到 HTTP 而所有其他路径都重定向到 HTTPS,所以问题出在以下配置行:

add_header Strict-Transport-Security max-age=500;

当我注释掉那行时,问题就消失了。

于 2013-06-06T13:35:18.690 回答