Все конечные точки, кроме root, перенаправляют на HTTPS - PullRequest
Новая
       9

Все конечные точки, кроме root, перенаправляют на HTTPS

0 голосов
/ 05 сентября 2018

Мой адрес ratwires.space. Конфигурация ниже правильно включает: https://ratwires.space, https://www.ratwires.space и http://www.ratwires.space и перенаправляет http://www.ratwires.space на https://www.ratwires.space, однако не перенаправляет http://ratwires.space на https://ratwires.space.

Это для приложения Rails с Unicorn, работающим на порте 8080. Я добавил текущую поддержку HTTPS с помощью certbot, а затем настраивал ее, пока, по крайней мере, большинство доменов не заработало. /etc/letsencrypt/live/ratwires.space-0002/ является сертификатом для *.ratwires.space и ratwires.space.

Приведенный ниже конфиг взломан из различных примеров, и я не знаю, что я здесь делаю. 

worker_processes 1;
user root root;

pid /var/run/nginx.pid;
error_log /var/log/nginx.error.log;

events {
  worker_connections 1024;
  accept_mutex off;
  use epoll;
}

http {
  include mime.types;
  default_type application/octet-stream;
  access_log /var/log/nginx.access.log combined;
  sendfile on;

  tcp_nopush on;
  tcp_nodelay off;
  gzip on;
  gzip_http_version 1.0;
  gzip_proxied any;
  gzip_min_length 500;
  gzip_disable "MSIE [1-6]\.";
  gzip_types text/plain text/html text/xml text/css
             text/comma-separated-values
             text/javascript application/x-javascript
             application/atom+xml;

  upstream app_server {
    server unix:/root/Ratwires/shared/sockets/unicorn.sock fail_timeout=0;
  }

  server {

    client_max_body_size 4G;
    server_name *.ratwires.space;
    keepalive_timeout 5;
    root /root/Ratwires/public;
    try_files $uri/index.html $uri.html $uri @app;

    location @app {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_redirect off;

      proxy_pass http://localhost:8080;
    }
    error_page 500 502 503 504 /500.html;
    location = /500.html {
      root /root/Ratwires/public;
    }


    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/ratwires.space-0002/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ratwires.space-0002/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


  server {
    if ($host = ratwires.space) {
        return 301 http://$host$request_uri;
    }


    server_name *.ratwires.space;
    return 404; # managed by Certbot

    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/ratwires.space-0002/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/ratwires.space-0002/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; 


}


  server {
    if ($host ~ ^[^.]+\.ratwires\.space$) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 default deferred;
    server_name *.ratwires.space;
    return 404;


}}

Ответы [ 2 ]

0 голосов
/ 06 сентября 2018

Это не идеальное решение, поскольку на практике оно перенаправляет дважды, но работает для всех доменов: 

worker_processes 1;
user root root; # for systems with a "nogroup"
pid /var/run/nginx.pid;
error_log /var/log/nginx.error.log;

events {
  worker_connections 1024; # increase if you have lots of clients
  accept_mutex off; # "on" if nginx worker_processes > 1
  use epoll; # enable for Linux 2.6+

}

http {
  include mime.types;
  default_type application/octet-stream;
  access_log /var/log/nginx.access.log combined;
  sendfile on;
  tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
  tcp_nodelay off; # on may be better for some Comet/long-poll stuff

  gzip on;
  gzip_http_version 1.0;
  gzip_proxied any;
  gzip_min_length 500;
  gzip_disable "MSIE [1-6]\.";
  gzip_types text/plain text/html text/xml text/css
             text/comma-separated-values
             text/javascript application/x-javascript
             application/atom+xml;

  upstream app_server {
    server unix:/root/Ratwires/shared/sockets/unicorn.sock fail_timeout=0;
  }

  server {
    client_max_body_size 4G;
    server_name *.ratwires.space;
    keepalive_timeout 5;
    root /root/Ratwires/public;
    try_files $uri/index.html $uri.html $uri @app;
    location @app {
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header X-Forwarded-Proto $scheme;
      proxy_set_header Host $http_host;
      proxy_redirect off;
      proxy_pass http://localhost:8080;
    error_page 500 502 503 504 /500.html;
    location = /500.html {
      root /root/Ratwires/public;
    }
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ratwires.space-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ratwires.space-0002/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

  server {
    return 301 https://$host$request_uri;
    listen 80 default deferred;
    server_name *.ratwires.space;
    return 404; # managed by Certbot

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/ratwires.space-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ratwires.space-0002/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
0 голосов
/ 06 сентября 2018

Конечно, это не так, на самом деле это выглядит наоборот: 

if ($host = ratwires.space) {
    return 301 http://$host$request_uri;
}
...