Nginx配置http强制跳转https


Nginx https 配置示例

server {
        listen       443 default_server ssl http2;
        server_name  www.itlangzi.com;
        root         /usr/local/nginx/html;
        ssl_certificate /cert/www.itlangzi.com.pem;
        ssl_certificate_key /cert/www.itlangzi.com.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        # return      301 https://$host$request_uri; 
        # Load configuration files for the default server block.
        client_max_body_size 500m;

		location / {
				index index.html;
		}

		error_page 404 /404.html;
				location = /40x.html {
		}

		error_page 500 502 503 504 /50x.html;
				location = /50x.html {
		}
}

采用nginx的rewrite方法

配置1

server {
		listen 80;
		server_name www.itlangzi.com;
		index index.html index.htm;
     
		rewrite ^(.*)$  https://$host$1 permanent;
		# 或者
		# rewrite ^(.*)$  https://$host$1 permanent;
		# 或者
		# rewrite ^/(.*)$ https://www.itlangzi.com/$1 permanent;
		# 或者
		# rewrite ^ https://www.itlangzi.co$request_uri? permanent;
  
		location ~ / {
				root  /var/www/html;
				index index.html index.php index.htm;
		}
}

配置2

server {
		listen 80;
		server_name www.itlangzi.com;
		index index.html index.htm;
     
		return 301 https://$server_name$request_uri;
  
		location ~ / {
				root  /var/www/html;
				index index.html index.php index.htm;
		}
}

配置3

多域名方案

server {
		listen 80;
		server_name www.itlangzi.com git.itlangzi.com;
		index index.html index.htm;
     
		if ($host ~* "^itlangzi.com$") {
			rewrite ^/(.*)$ https://www.itlangzi.com/ permanent;
		}
  
		location ~ / {
				root  /var/www/html;
				index index.html index.php index.htm;
		}
}

配置4

多域名方案

server {
		listen 80;
		server_name www.itlangzi.com;
		index index.html index.htm;
     
		if ($host = "www.itlangzi.com") {
			 rewrite ^/(.*)$ https://www.itlangzi.com permanent;
		}
  
		location ~ / {
				root  /var/www/html;
				index index.html index.php index.htm;
		}
}

采用nginx的497状态码

497 - normal request was sent to HTTPS => 当网站只允许https访问时,当用http访问时nginx会报出497错误码
非标准443端口的https情况下使用的强转配置方式

server {
		listen 80;
		server_name www.itlangzi.com;
		index index.html index.htm;
    
		error_page 497  https://$host$uri?$args
 
		location ~ / {
				root  /var/www/html;
				index index.html index.php index.htm;
		}
}

利用meta的刷新作用将http跳转到https

巧妙的利用meta的刷新作用,将http跳转到https; 可以基于http://www.itlangzi.com的虚拟主机路径下写一个index.html,内容就是http向https的跳转

<html> 
		<head>
			<meta http-equiv="refresh" content="0;url=https://www.itlangzi.com/"> 
		</head>
</html>

通过 proxy_redirect方式

proxy_redirect http:// https://;

httphttps 共存,www 可有可无

此时以下四种访问方式都可以,前提是域名解析要正确

server {
        listen       80 ;
        listen       443 default_server ssl http2;
        server_name  www.itlangzi.com;
        root         /usr/local/nginx/html;
        ssl_certificate /cert/www.itlangzi.com.pem;
        ssl_certificate_key /cert/www.itlangzi.com.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout  5m;
        ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        # return      301 https://$host$request_uri; 
        # Load configuration files for the default server block.
        client_max_body_size 500m;

		location / {
				index index.html;
		}

		error_page 404 /404.html;
				location = /40x.html {
		}

		error_page 500 502 503 504 /50x.html;
				location = /50x.html {
		}
}

作者: 浪子
版权声明: 本博客所有文章除特別声明外, 均采用 CC BY 4.0 许可协议。转载请注明来源 浪子!
  目录