[英]Nginx http and https block configuration
I am setting up a load balancer that works with https and http if there isn't a https config file. 如果没有https配置文件,我将设置一个可与https和http一起使用的负载平衡器。
I have multiple virtual hosts that attempt to redirect http traffic to https ( type 1 ) that are like this: 我有多个虚拟主机尝试将http流量重定向到https( 类型1 ),如下所示:
server {
listen 80;
server_name example.xyz www.example.xyz;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name example.xyz;
ssl on;
ssl_certificate /etc/nginx/ssl/example.xyz/fullchain.pem;
ssl_certificate_key /etc/nginx/ssl/example.xyz/privkey.pem;
location / {
proxy_pass http://myapp1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
and I also have one virtual host for all the http traffic ( type 2 ) like this. 我也有一个虚拟主机来处理所有http流量( 类型2 ),就像这样。
upstream myapp1 {
server 8.8.8.8;
server 8.8.4.4 backup;
}
server {
listen 80 default_server;
location / {
proxy_pass http://myapp1;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
This setup is not working. 此设置无效。 I have two problems 我有两个问题
The type 1 virtual hosts are not redirecting to https. 类型1虚拟主机未重定向到https。
I have the type 1 configs for foo.com
, bar.com
and baz.com
but bar.com
and baz.com
use the ssl cert from foo.com
我有foo.com
, bar.com
和baz.com
的类型1配置,但是bar.com
和baz.com
使用foo.com
的ssl证书
For your first problem try this to do the redirect: 对于第一个问题,请尝试执行以下重定向:
return 301 https://$host$request_uri;
As you have two servernames configured, I prefer to use the host info directly from the incoming request. 由于配置了两个服务器名,因此我更喜欢直接从传入请求中使用主机信息。 See http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host 参见http://nginx.org/en/docs/http/ngx_http_core_module.html#var_host
For your second problem I can't say anything. 对于第二个问题,我什么也不能说。 Your pasted config looks fine. 您粘贴的配置看起来不错。 Make sure the different folders contain different certs ;-) 确保不同的文件夹包含不同的证书;-)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.