将HTTP重定向到https仅在刷新页面Apache2后有效
[英]Redirect http to https only works after page refresh Apache2
问题描述
I have installed SSL Certificates on my website and on the example.com everything works fine, meaning that typing example.com redirects correctly to https://example.com . 
我已经在我的网站和example.com上安装了SSL证书,一切正常,这意味着键入example.com可以正确重定向到https://example.com 。 However, I have installed a certificate for a subdomain as well such that the link becomes: subdomain.example.com. 但是,我还为子域安装了一个证书,因此该链接变为:subdomain.example.com。
My goal is to have subdomain.example.com redirect to https://subdomain.example.com . 我的目标是将subdomain.example.com重定向到https://subdomain.example.com 。 This might sound weird but this semi-works meaning that when I first surf to subdomain.example.com it uses the http protocol but when I refresh that same page it switches to https protocol. 这听起来可能很怪异,但这是半成功的,这意味着当我第一次浏览subdomain.example.com时,它使用http协议,但是当我刷新同一页面时,它将切换为https协议。
This is my VirtualHost conf file (port 80): 这是我的VirtualHost conf文件(端口80):
<VirtualHost *:80>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://example.com/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
RewriteCond %{SERVER_NAME} =subdomain.example.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
#RewriteCond %{SERVER_PORT} !443
#RewriteRule ^(/(.*))?$ https://%{HTTP_HOST}/ [R=301,L]
</VirtualHost>
I have removed to non related lines from this sample above. 我已从上面的示例中删除了不相关的行。 Here is the 443 conf file: 这是443 conf文件:
< IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
ServerName subdomain.example.com
ServerSignature Off
< IfModule mod_ssl.c>
SSLStaplingCache shmcb:/var/run/apache2/stapling_cache(128000)
<VirtualHost *:443>
ServerName subdomain.example.com
ServerSignature Off
ProxyPreserveHost On
AllowEncodedSlashes NoDecode
<Location />
Require all granted
#Allow forwarding to gitlab-workhorse
ProxyPassReverse http://127.0.0.1:8181
ProxyPassReverse http://domain/
</Location>
RewriteEngine on
#Forward all requests to gitlab-workhorse except existing files like error documents
RewriteCond %{DOCUMENT_ROOT}/%{REQUEST_FILENAME} !-f [OR]
RewriteCond %{REQUEST_URI} ^/uploads/.*
RewriteRule .* http://127.0.0.1:8181%{REQUEST_URI} [P,QSA,NE]
# needed for downloading attachments
DocumentRoot /opt/gitlab/embedded/service/gitlab-rails/public
SSLCertificateFile /etc/letsencrypt/live/example.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/subexample.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
Header always set Strict-Transport-Security "max-age=31536000"
SSLUseStapling on
Header always set Content-Security-Policy upgrade-insecure-requests
</VirtualHost>
</IfModule>
Worth noting is that I am using certbot. 值得注意的是,我正在使用certbot。
Hopefully someone can help me. 希望有人可以帮助我。
1 个解决方案
解决方案1
0 已采纳 2018-09-29 02:20:01
You say "My goal is to have subdomain.example.com redirect to https://subdomain.example.com " . 您说“我的目标是让subdomain.example.com重定向到https://subdomain.example.com ” 。
Then why have all that proxy configuration in your :80 VirtualHost? 那么,为什么在您的:80 VirtualHost中拥有所有这些代理配置? Simply force the redirection to :443, and let :443 handle the proxy (and other). 只需将重定向强制为:443,然后让:443处理代理(和其他代理)即可。
So your VirtualHost would become: 因此,您的VirtualHost将变为:
<VirtualHost *:80>
ServerName subdomain.example.com
CustomLog logs/subdomain_80_access.log combined
ErrorLog logs/subdomain_80_error.log
RewriteEngine On
RedirectMatch ^/(.*)$ https://subdomain.example.com/$1
</VirtualHost>
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.