我試圖在 Ubuntu 16.04 上使用 Let's Encrypt 來保護 Nginx 的安全。
範例.conf 文件前取得 SSL 憑證
server {
server_name example.com www.example.com ;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/backup/mycode/public;
# Turn on Passenger
passenger_enabled on;
rails_env development;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.6/wrappers/ruby;
}
http://example.com/是工作正常。
我嘗試透過以下方式取得 SSL 證書
sudo certbot --nginx -d example.com -d www.example.com
結果是
Your existing certificate has been successfully renewed, and the new certificate
has been installed.
The new certificate covers the following domains: https://example.com and
https://www.example.com
範例.conf 文件後取得 SSL 憑證
server {
server_name example.com www.example.com ;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/backup/example.com/public;
# Turn on Passenger
passenger_enabled on;
rails_env development;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.6/wrappers/ruby;
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com www.example.com ;
listen 80;
return 404; # managed by Certbot
}
http://example.com/正在重定向到 https://example.com/太多次
example.com redirected you too many times.
ERR_TOO_MANY_REDIRECTS
為什麼重定向太多次?
第二個伺服器區塊的用途是什麼?
server { if ($host = www.example.com) { return 301 https://$host$request_uri; } # managed by Certbot if ($host = example.com) { return 301 https://$host$request_uri; } # managed by Certbot server_name example.com www.example.com ; listen 80; return 404; # managed by Certbot }如何使所有重定向到https://www.example.com/?
編輯1
將 certibot 託管程式碼移至第二個伺服器區塊已解決了過多重定向問題。但我的網站又回來了,指向HTTP協定而不是 https。
server {
server_name example.com www.example.com ;
# Tell Nginx and Passenger where your app's 'public' directory is
root /var/www/backup/example.com/public;
# Turn on Passenger
passenger_enabled on;
rails_env development;
passenger_ruby /usr/local/rvm/gems/ruby-2.5.6/wrappers/ruby;
}
server {
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name example.com www.example.com ;
listen 80;
return 404; # managed by Certbot
}
答案1
第二個伺服器區塊的用途是什麼?
偵聽 HTTP 並將 HTTP 請求重新導向到 HTTPS。
為什麼重定向太多次?
不應該,除非網站本身不喜歡使用 HTTPS 進行調用,因此會再次執行一些重定向。 Nginx 設定似乎沒問題。
How to make all redirects to https://www.example.com/?
改變
if ($host = example.com) {
return 301 https://$host$request_uri;
}
到
if ($host = example.com) {
return 301 https://www.$host$request_uri;
}
您也可以新增另一個重定向https://example.com到https://www.example.com(在第一個伺服器區塊中,偵聽 HTTPS 的伺服器區塊);這將負責重定向不帶“www”的 HTTPS 請求。一開始。
答案2
1. 為什麼重定向次數過多?
您的應用程式不知道請求是否透過 SSL 傳入,將以下行新增到您的伺服器區塊應該可以修復它:
passenger_set_header X-Forwarded-Proto $scheme;