[英]Redirect NGINX http to https
I'm using LetsEncrypt on an Nginx server over at my domain memorisemedicine.com. 我在我的域memorisemedicine.com的Nginx服务器上使用LetsEncrypt。
I added a server block at the end of this 'memorise-frontend.conf' file located in /etc/nginx/sites-available that is supposed to redirect non SSL traffic to SSL (https). 我在/ etc / nginx / sites-available中的“ memorise-frontend.conf”文件的末尾添加了一个服务器块,该服务器块应将非SSL流量重定向到SSL(https)。
Now when I go visit the site without using https://, I notice that sometimes I am redirected correctly now. 现在,当我不使用https://来访问站点时,我注意到有时我现在已正确重定向。 But notably in Firefox this isn't working for me & I can still access http:// pages on this domain, which I want to never be possible. 但值得注意的是,在Firefox中,这对我不起作用,而且我仍然可以访问该域上的http://页面,但我想永远都不可能。 Does anybody know what's wrong with my .conf file here? 有人知道我的.conf文件怎么了吗? I tried editing the nginx.conf file as well, but it seems like it doesn't take server blocks well. 我也尝试编辑nginx.conf文件,但似乎并不能很好地利用服务器块。
server {
charset utf-8;
client_max_body_size 128M;
listen 80; ## listen for ipv4
#listen [::]:80 default_server ipv6only=on; ## listen for ipv6
server_name memorisemedicine.com www.memorisemedicine.com;
root /srv/memorise/frontend/web;
index index.php;
# access_log /path/to/basic/log/access.log;
# error_log /path/to/basic/log/error.log;
location / {
# Redirect everything that isn't a real file to index.php
try_files $uri $uri/ /index.php$is_args$args;
}
# uncomment to avoid processing of calls to non-existing static files by Yii
#location ~ \.(js|css|png|jpg|gif|swf|ico|pdf|mov|fla|zip|rar)$ {
# try_files $uri =404;
#}
#error_page 404 /404.html;
# deny accessing php files for the /assets directory
location ~ ^/assets/.*\.php$ {
deny all;
}
location ~ \.php$ {
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
#fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_pass unix:/run/php/php7.0-fpm.sock;
try_files $uri =404;
}
location ~* /\. {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/memorisemedicine.com/fullchain.pem; # man$
ssl_certificate_key /etc/letsencrypt/live/memorisemedicine.com/privkey.pem; # m$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
}
server {
return 301 https://memorisemedicine.com$request_uri;
}
In your nginx configuration i can not see the server part which listens to port 443 for ssl. 在您的nginx配置中,我看不到侦听ssl的端口443的服务器部分。 I will add my configuration so you can edit it to your own need: 我将添加我的配置,以便您可以根据自己的需要对其进行编辑:
server {
listen 80;
listen [::]:80;
return 301 https://$server_name$request_uri;
access_log /var/log/nginx/api.example.com-access.log timed;
error_log /var/log/nginx/api.example.com-error.log;
root /var/www/example/html/public;
server_name api.example.com;
location / {
index index.html index.php;
try_files $uri $uri/ @php;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/example/html/public/index.php;
include fastcgi_params;
}
location ~ /.well-known {
allow all;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
access_log /var/log/nginx/api.example.com-access.log timed;
error_log /var/log/nginx/api.example.com-error.log;
root /var/www/example/html/public;
server_name api.example.com;
include snippets/ssl-api.example.com.conf;
include snippets/ssl-params.conf;
location / {
index index.html index.php;
try_files $uri $uri/ /index.php?q=$uri&$args;
}
location ~ \.php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_param SCRIPT_FILENAME /var/www/example/html/public/index.php;
include fastcgi_params;
}
location ~ /.well-known {
allow all;
}
}
My include snippets/ssl-api.example.com.conf; 我的代码片段是/ssl-api.example.com.conf; includes the fullchain and private from certbot . 包括从certbot的fullchain和私人 。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.