我有2台使用nginx的服务器。对于我的主服务器,一切正常,如以下方案所示:
但是在我使用owncloud的第二台服务器上,使用Firefox浏览器时,它有一个小的错误行为:
我不知道为什么它重定向到www子域。
服务器配置为:
server {
listen 80;
listen [::]:80;
listen 443 ssl;
root /var/www/www;
index index.php index.html index.htm;
server_name www.MYSERVER.eu;
if ($host ~* 'oc\.[^.]+\.[^.]+$') {
set $host_without_www $1.$2;
rewrite ^(.*) $scheme://oc.$host_without_www$1 permanent;
}
ssl_certificate /etc/ssl/certs/pem.crt;
ssl_certificate_key /etc/ssl/private/private.key;
location / {
if (!-e $request_filename)
{
rewrite ^([_0-9a-zA-Z-]+)?(/wp-.*) $2 last;
rewrite ^([_0-9a-zA-Z-]+)?(/.*\.php)$ $2 last;
rewrite ^ /index.php last;
}
}
location ~ \.php$ {
try_files $uri/ $uri /index.php?$query_string;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location /doc {
root /usr/share;
autoindex on;
allow 127.0.0.1;
deny all;
}
location /images {
expires 168h;
add_header Pragma public;
add_header Cache-Control "public, must-revalidate, proxy-revalidate";
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /var/www/www;
}
}
server {
listen 80;
listen [::]:80;
listen 443 ssl;
ssl on;
root /var/www/owncloud;
index index.php index.html index.htm;
server_name oc.MYSERVER.eu;
add_header Strict-Transport-Security "max-age=31536000";
ssl_certificate /etc/ssl/certs/pem.crt;
ssl_certificate_key /etc/ssl/private/private.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
client_max_body_size 10G; # set max upload size
fastcgi_buffers 64 4K;
rewrite ^/caldav(.*)$ /remote.php/caldav$1 redirect;
rewrite ^/carddav(.*)$ /remote.php/carddav$1 redirect;
rewrite ^/webdav(.*)$ /remote.php/webdav$1 redirect;
index index.php;
error_page 403 /core/templates/403.php;
error_page 404 /core/templates/404.php;
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /(favicon.ico|robots.txt) {
access_log off;
log_not_found off;
}
location ~ /\.ht {
deny all;
}
location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
deny all;
}
location / {
# The following 2 rules are only needed with webfinger
rewrite ^/.well-known/host-meta /public.php?service=host-meta last;
rewrite ^/.well-known/host-meta.json /public.php?service=host-meta-json last;
rewrite ^/.well-known/carddav /remote.php/carddav/ redirect;
rewrite ^/.well-known/caldav /remote.php/caldav/ redirect;
rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
try_files $uri $uri/ index.php;
}
location ~ ^(.+?\.php)(/.*)?$ {
try_files $1 = 404;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param htaccessWorking true;
fastcgi_param PATH_INFO $2;
fastcgi_param HTTPS on;
fastcgi_pass 127.0.0.1:9000;
}
# Optional: set long EXPIRES header on static assets
location ~* ^.+\.(jpg|jpeg|gif|bmp|ico|png|css|js|swf)$ {
expires 30d;
# Optional: Don't log access to assets
access_log off;
}
}
这是Firefox的错误或功能吗?我的意思是在Chrome中不会发生这种情况。但是在Firefox中,他将重定向到错误的服务器。我完全不知道他为什么这样做。
另外:我也想知道我如何做到这一点:
(我想在oc子域上强制使用SSL):
所以这为我解决了。而且我不得不等一天,直到DNS /路由器获得最新信息。因此,不要期望更改会立即生效。一天后,现在可以在Firefox,Chrome和IE中使用。
因此,有关此方法的基本思想是创建一个侦听端口80的子服务器。当请求http时,该子服务器将重定向到https。正如我所说,这真的很难测试,因为浏览器会膨胀配置,并且您始终需要等待几分钟甚至几天来检查当前状态。
但最后它成功了。因此,这是您需要编辑的内容:
server {
...
server_name www.MYSERVER.eu;
...
}
server {
listen 80;
server_name oc.MYSERVER.eu;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
}
server {
listen 443 default_server ssl;
ssl on;
root /var/www/owncloud;
index index.php index.html index.htm;
server_name oc.MYSERVER.eu;
...
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句