折腾:
【未解决】nginx中关于ssl配置的逻辑和常见参数含义
期间,需要去实现把80都强制转发到443:
希望
- http://www.xxx
- http://dev.xxx
- 或:dev.xxx
都转发到https的:
- https://www.xxx
- https://dev.xxx
但是不清楚最佳的写法是啥。
参考了很多:
server { listen 80; listen [::]:80 ssl ipv6only=on; server_name example.com; return 301 https://example.com$request_uri; }
server { listen 80; server_name www.yourdomain.com; rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https #return 301 https://$http_host$request_uri; }
server { listen 80; server_name www.baidu.com; //域名 rewrite ^(.*)$ https://${server_name}$1 permanent; }
nginx 80 redirect 443
nginx http redirect https
server { listen 80; return 301 https://$host$request_uri; }
和:
server { listen 80; server_name my.domain.com; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name my.domain.com; # add Strict-Transport-Security to prevent man in the middle attacks add_header Strict-Transport-Security "max-age=31536000" always; [....] }
意思是:
此处用rewrite不好
不好的:
rewrite ^/(.*)$ http://example.com/$1 permanent;
还可以的:
rewrite ^ http://example.com$request_uri? permanent;
更加合适的:
return 301 http://example.com$request_uri;
server { listen [::]:80; return 301 https://$host$request_uri; }
server { listen 80; listen [::]:80; #Added IPv6 here too server_name mysite.com; #We remove any location-blocks from here, since this server-block just redirects everything return 301 http://www.$server_name$request_uri; #We use a variable to have less hardcoding }
暂时不考虑复杂的ipv6了:[::]:80
因为还要去研究:bindv6only是true还是false
server { listen 80; server_name www.servercertificates.com; return 301 https://$server_name$request_uri; }
【总结】
综合来说,用:
server { listen 80; return 301 https://$host$request_uri; }
可以涵盖子域名的301强制跳转。
且:
- 废弃不好的rewrite的写法: