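While working on:
[Unresolved] The logic of SSL configuration in nginx and the meaning of common parameters
I needed to force everything on port 80 over to 443.
The goal is for:
- http://www.xxx
- http://dev.xxx
- or: dev.xxx
to all be redirected to the HTTPS versions:
- https://www.xxx
- https://dev.xxx
But I was not sure what the best way to write this is.
I looked at a lot of references: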

server {
    listen 80;
    # plain-HTTP listener, so no "ssl" parameter on port 80
    listen [::]:80 ipv6only=on;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 80;
    server_name www.yourdomain.com;
    rewrite ^ https://$http_host$request_uri? permanent; # force redirect http to https
    #return 301 https://$http_host$request_uri;
}

server {
    listen 80;
    server_name www.baidu.com;  # domain name
    rewrite ^(.*)$ https://${server_name}$1 permanent;
}

nginx 80 redirect 443
nginx http redirect https

server {
    listen 80;
    return 301 https://$host$request_uri;
}

and:

server {
    listen 80;
    server_name my.domain.com;
    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name my.domain.com;
    # add Strict-Transport-Security to prevent man in the middle attacks
    add_header Strict-Transport-Security "max-age=31536000" always;
    [....]
}

The point being:
rewrite is not a good fit here.
Bad:
    rewrite ^/(.*)$ http://example.com/$1 permanent;
Acceptable:
    rewrite ^ http://example.com$request_uri? permanent;
Better:
    return 301 http://example.com$request_uri;

server {
    listen [::]:80;
    return 301 https://$host$request_uri;
}

server {
    listen 80;
    listen [::]:80; #Added IPv6 here too
    server_name mysite.com;
    #We remove any location-blocks from here, since this server-block just redirects everything
    return 301 http://www.$server_name$request_uri; #We use a variable to have less hardcoding
}

For now I am leaving the more complicated IPv6 case ([::]:80) aside,
because it would also mean looking into whether bindv6only is true or false.

server {
    listen 80;
    server_name www.servercertificates.com;
    return 301 https://$server_name$request_uri;
}

[Summary]
All things considered, using:

server {
    listen 80;
    return 301 https://$host$request_uri;
}

covers the forced 301 redirect for the subdomains as well.
And:
- it drops the discouraged rewrite form:
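
Added example, not part of the original post: `return 301 https://$host$request_uri;` in a server block with no server_name answers for whatever Host header the client sends, so the variant below lists the names explicitly and drops everything else. The names www.example.com and dev.example.com and the certificate paths are placeholders standing in for the www.xxx / dev.xxx hosts above.

```nginx
# Added example (not from the original post). Assumed names: www.example.com,
# dev.example.com and the certificate paths are placeholders.

# Catch-all for port 80: requests whose Host matches no known name are
# dropped instead of being redirected to a client-chosen host.
server {
    listen 80 default_server;
    server_name _;
    return 444;   # nginx-specific: close the connection without a response
}

# Known names only: this block is selected by server_name, so $host is
# always one of the two names below and one block covers both subdomains.
server {
    listen 80;
    server_name www.example.com dev.example.com;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name www.example.com dev.example.com;

    ssl_certificate     /etc/nginx/ssl/example.com.crt;   # placeholder path
    ssl_certificate_key /etc/nginx/ssl/example.com.key;   # placeholder path

    # Same header as in the my.domain.com snippet: a browser that has seen it
    # goes straight to HTTPS on later visits and skips the port-80 redirect.
    add_header Strict-Transport-Security "max-age=31536000" always;
}
```

After a reload, `curl -I http://dev.example.com/some/path` should show a 301 with `Location: https://dev.example.com/some/path`, while a request with an unlisted Host header gets no response at all.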