1

我在从 www 重定向到非 www 时遇到问题,仅适用于 https/ssl。任何想法为什么会发生这种情况?它适用于非安全 URL。这是我的配置:

html {
    # Compression

    # Enable Gzip compressed.
    gzip on;

    # Enable compression both for HTTP/1.0 and HTTP/1.1.
    gzip_http_version 1.1;

    # Compression level (1-9).
    # 5 is a perfect compromise between size and cpu usage, offering about
    # 75% reduction for most ascii files (almost identical to level 9).
    gzip_comp_level 5;

    # Don't compress anything that's already small and unlikely to shrink much
    # if at all (the default is 20 bytes, which is bad as that usually leads to
    # larger files after gzipping).
    gzip_min_length 128;

    # Compress data even for clients that are connecting to us via proxies,
    # identified by the "Via" header (required for CloudFront).
    gzip_proxied any;

    # Tell proxies to cache both the gzipped and regular version of a resource
    # whenever the client's Accept-Encoding capabilities header varies;
    # Avoids the issue where a non-gzip capable client (which is extremely rare
    # today) would display gibberish if their proxy gave them the gzipped version.
    gzip_vary on;

    # Compress all output labeled with one of the following MIME-types.
    gzip_types application/atom+xml application/x-javascript application/javascript application/json application/rss+xml application/vnd.ms-fontobject application/x-font-ttf application/x-web-app-manifest+json application/xhtml+xml application/xml font/opentype image/svg+xml image/x-icon text/css text/plain text/x-component;
}

server {
    listen 80;
    server_name www.example.com example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen *:443 ssl;
    server_name www.example.com;
    return https://example.com$request_uri 301;
}

server {
    listen 443 ssl;
    server_name example.com;
    root /home/forge/default/public;

    index index.html index.htm index.php;

    charset utf-8;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location = /favicon.ico { access_log off; log_not_found off; }
    location = /robots.txt  { access_log off; log_not_found off; }

    access_log off;
    error_log  /var/log/nginx/default-error.log error;

    error_page 404 /index.php;

    location ~ \.php$ {
        fastcgi_param DB_PASSWORD "password";
        fastcgi_param DB_USERNAME "user";
        fastcgi_param DB_NAME "db";
        fastcgi_param DB_HOST "localhost";
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }

    # Expire rules for static content

    # cache.appcache, your document html and data
    location ~* \.(?:manifest|appcache|html?|xml|json)$ {
      expires -1;
      # access_log logs/static.log; # I don't usually include a static log
    }

    # Feed
    location ~* \.(?:rss|atom)$ {
      expires 1h;
      add_header Cache-Control "public";
    }

    # Media: images, icons, video, audio, HTC
    location ~* \.(?:jpg|jpeg|gif|png|ico|cur|gz|svg|svgz|mp4|ogg|ogv|webm|htc)$ {
      expires 1M;
      access_log off;
      add_header Cache-Control "public";
    }

    # CSS and Javascript
    location ~* \.(?:css|js)$ {
      expires 1y;
      access_log off;
      add_header Cache-Control "public";
    }
}
4

2 回答 2

3

好的,所以我前一阵子想通了,但忘了发布答案,所以就在这里。

server {
    listen 80;
    server_name www.example.com example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    root /home/forge/default/public;

    if ($host = 'www.example.com') {
        rewrite ^/(.*)$ https://example.com/$1 permanent;
    }
}

我不完全确定这是多么强大,但它确实有效。

本质上,您在端口 80 上侦听 www 和非 www 并将 301 重定向返回到安全的非 www URL。然后,如果请求的主机与安全 URL 的 www 版本匹配,则检查您的 SSL 服务器块侦听端口 443,如果匹配,则将其永久重写为安全的非 www 版本。

于 2015-02-25T10:30:44.373 回答
0

nginx 从“default_server”或针对特定 IP+端口对的第一个描述中获取 SSL 证书。

所以,你应该

  • 交换启用 SSL 的server
  • 或者只是将default_server参数添加到listen第二个块中的指令。
于 2014-12-15T23:10:38.627 回答