2

Firefox 是我唯一遇到问题的浏览器。我发现了类似的问题,但似乎没有解决方案有效。

当我访问http://example.com时,nginx 将其重写为http://www.example.com。我这样做是因为该站点在整个站点范围内使用 ssl,现在该站点使用子域保留在初始服务器上,https://subdomain.example.com也是如此。搜索引擎、旧书签和其他旧链接试图将用户带到https://example.com

在所有浏览器中,这就像一个魅力,除了在 Firefox 中。

问题: Firefox 接受用户对http://example.com的请求并将它们转发到https://subdomain.example.com

然后从读取https://example.com的搜索引擎链接中,会引发 SSL 错误,因为它正在尝试读取 subomain.example 的内容。

我很困惑,现在是早上 430。有人在这里有任何线索吗?

这是我的 nginx 配置文件:

    upstream thin_server {
    server 0.0.0.0:8080 fail_timeout=0;
    }

server {
listen   80 default;
listen 443 ssl;
ssl off;
root /home/example/public;
server_name example.com www.example.com;
ssl_certificate /etc/nginx/ssl/www.example.com.chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.key;
index index.htm index.html;

if ($host = 'example.com') {
    rewrite  ^/(.*)$  http://www.example.com/$1;
}

location / {
    try_files $uri/index.html $uri.html $uri @app;
}

location ~* ^.+\.(jpg|jpeg|gif|png|ico|css|zip|tgz|gz|rar|bz2|doc|xls|exe|pdf|ppt|txt|tar|mid|midi|wav|bmp|rtf|js|mp3|flv|mpeg|avi)$ {
        try_files $uri @app;
    }

 location @app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_redirect off;
    proxy_pass http://thin_server;
}

error_page 500 502 503 504 /500.html;
client_max_body_size 4G;
keepalive_timeout 10;
}

更新几天后才开始随机工作

4

1 回答 1

1

我遇到了类似的问题,Chrome 运行良好,IE 和 firefox 无法使用 http 到 https 重定向。我正在寻找一天,构建各种配置但没有任何帮助。

偶然我检查了我的防火墙(ufw状态)并意识到端口80没有打开,只有443。
在允许端口80之后它工作了。

这是我正在运行的 nginx 配置(我知道它没有优化)

# Redirect http to https
server {
    listen 80 default_server;
    listen [::]:80 default_server; 
    server_name domain.tl www.domain.tl *.domain.tl;    
    return 301 https://www.domain.tl$request_uri;
}

#HTTPS config for SSL with certificate
server {
    listen 443 ssl;
    listen [::]:443 ssl;    
    server_name www.domain.tl www.domain.tl;  

#Limited Cipers to avoid MD5 etc attacks 
   ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
   ssl_prefer_server_ciphers on;
   ssl_session_cache shared:SSL:10m;

#Limit to TLSv1.2 for security 
    ssl_protocols TLSv1.2;

#Chained certificate to make sure the intermediate is in
    ssl_certificate /etc/nginx/ssl/certificate.chain.crt;
    ssl_certificate_key /etc/nginx/ssl/certificat_key.key;

#PHP, Wordpress etc config
    root /var/www/html;
    index index.php index.html index.htm;

    # unless the request is for a valid file, send to bootstrap

    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        #try_files $uri $uri/ =404;
        #Rewrite rule fuer Wordpress
    try_files $uri $uri/ /index.php?$args;
    }

# PHP7 specific
    location ~ \.php$ {
        try_files $uri =404;
        #fastcgi_pass 127.0.0.1:9000;
        # With php5-fpm:
        #fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }

    # OLD CONFIG for php5
    # location ~ \.php$ {
    #    try_files $uri =404;
    #    fastcgi_split_path_info ^(.+\.php)(/.+)$;
    #    fastcgi_pass unix:/var/run/php5-fpm.sock;
    #    fastcgi_index index.php;
    #    include fastcgi_params;
    #}
}
于 2018-01-15T22:18:02.850 回答