0

我正在使用以下设置:

s1.conf

# Default website
server {

    listen 80;
    server_name test.com www.test.com;
    return 301 https://test.com$request_uri;  # enforce https

    server_name_in_redirect off;

    access_log /var/log/nginx/access.log main;
    error_log  /var/log/nginx/error.log warn;

    proxy_set_header    X-Real-IP        $remote_addr;
    proxy_set_header    X-Forwarded-For  $proxy_add_x_forwarded_for;
    proxy_set_header    Host $host:80;
    proxy_set_header<   X-Forwarded-Host $http_host

    set $proxyserver    "http://127.0.0.1:8888";
    set $docroot        "/home/bitrix/www";

    index index.php;
    root /home/bitrix/www;

    # Redirect to ssl if need
    if (-f /home/bitrix/www/.htsecure) { rewrite ^(.*)$ https://$host$1 permanent; }

    # Include parameters common to all websites
    include bx/conf/bitrix.conf;

    # Include server monitoring locations
    include bx/server_monitor.conf;
}

s1_ssl.conf

# Default SSL certificate enabled website
server {
    listen  443 default_server ssl;
    server_name test.com;

    # Enable SSL connection
    include bx/conf/ssl.conf;
    server_name_in_redirect off;

    proxy_set_header    X-Real-IP   $remote_addr;
    proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header    Host        $http_host:443;
    proxy_set_header    X-Forwarded-Host $http_host;
    proxy_set_header    X-Forwarded-Proto https;

    proxy_set_header    HTTPS       YES;

    set $proxyserver    "http://127.0.0.1:8888";
    set $docroot        "/home/bitrix/www";

    index index.php;
    root /home/bitrix/www;

    # Include parameters common to all websites
    include bx/conf/bitrix.conf;

    # Include server monitoring API's
    include bx/server_monitor.conf;

}

当我尝试链接http://test.com/xyz/https://test.com/xyz/时,一切正常。但是当我尝试像http://test.com/xyzhttps://test.com/xyz这样的链接时,我得到 400 Bad Request,普通的 HTTP 请求被发送到 HTTPS 端口

这个卷曲输出:

curl -I -k https://test.com/xyz
HTTP/1.1 301 Moved Permanently
Server: nginx/1.6.2
Date: Mon, 22 Feb 2016 09:13:28 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
Location: http://test.com:443/xyz/
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

为什么协议更改为http?

4

1 回答 1

4

您忘了说对http://test.com/xyz的引用是目录。

什么是邪恶:mod_dir

当服务器收到对 URL http://servername/foo/dirname的请求时,会发出“尾部斜杠”重定向,其中 dirname 是一个目录。目录需要尾部斜杠,因此 mod_dir 发出重定向到http://servername/foo/dirname/

对他来说“HTTPS on”不起作用,方案 https:// 不是

应该做什么:

1)nginx配置不涉及任何东西

2) 在您的域的 httpd 配置中,例如: /etc/httpd/bx/conf/bx_ext_site.local.conf

其中字符串包含您的服务器名称,例如: ServerName site.local

补充以下内容: https://

就是这样: 服务器名 https: //site.local

这就是你所需要的

它无需任何重定向即可工作

意味着问题隐藏在手册中http://httpd.apache.org/docs/2.2/mod/core.html#servername

有时,服务器在处理 SSL 的设备后面运行,例如反向代理、负载平衡器或 SSL 卸载设备。在这种情况下,请在 ServerName 指令中指定客户端连接的 https:// 方案和端口号,以确保服务器生成正确的自引用 URL。

于 2016-03-11T21:21:00.417 回答