【发布时间】:2017-06-15 18:16:30
【问题描述】:
我已将所有 www 重定向到非 www 并为我的网站启用了 https/ssl。
我的目标是为此根级别(非子域)上的域/站点启用 https/ssl,但要对子目录 /shop 启用 ssl,并将任何 http://domain.com/shop 流量重定向到 https://domain.com/shop。
基本上,网站的所有流量都应该 301 重定向到 http://domain.com,而任何访问 /shop 子目录的流量都应该重定向到 https://domain.com/shop。
根站点是 WordPress,/shop 是 Magento。
这是我在 /etc/nginx/sites-available 中的 domain.conf 的内容
# Canonical-host redirect: requests for the www names get a 301 to domain.com,
# keeping the original scheme and request URI.
# NOTE(review): there is no listen directive here, so this block only uses nginx's
# default listen and does not listen on 443. HTTPS requests for the www names are
# presumably answered by the server block that listens on 443 instead - confirm.
# NOTE(review): www.domain2.com is also redirected to domain.com, not domain2.com -
# confirm that is intended.
server {
server_name www.domain.com www.domain2.com;
return 301 $scheme://domain.com$request_uri;
}
# Main vhost: answers for domain.com / domain2.com on port 80 and port 443 from a
# single block. Per the question text, WordPress is at the document root and Magento
# is installed under /shop.
# NOTE(review): nothing in this block redirects between http and https, so every
# path, /shop included, is reachable over plain HTTP as written. If only /shop is
# moved to HTTPS, cookies shared by the host remain exposed on the HTTP side unless
# they carry the Secure flag; redirecting all port-80 traffic to https avoids that.
server {
server_name domain.com domain2.com;
# NOTE(review): ipv6only= is a parameter for IPv6 listen sockets; on this IPv4
# listen it looks misplaced - confirm.
listen 80 default_server ipv6only=on;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
# Certificate and TLS settings presumably live in this include (not shown).
include /etc/nginx/ssl.conf;
root /home/domain/public_html;
# $no_cache feeds fastcgi_cache_bypass / fastcgi_no_cache in the PHP location below.
set $no_cache 0;
# NOTE(review): this "set" only runs for requests finally handled by this prefix
# location. A URI ending in .php is picked up by the regex PHP location instead, so
# $no_cache likely stays 0 for PHP requests. Also, neither /wp-admin nor anything
# under /shop starts with /admin - verify which admin area this is meant to cover.
location /admin {
set $no_cache 1;
}
# Answer a missing favicon with an empty 204 instead of falling through to PHP.
location = /favicon.ico {
try_files $uri =204;
}
# Static assets get a far-future expiry.
# NOTE(review): regex locations are tried in the order they appear, so URIs ending
# in .js/.css match here before the cache/minify .js/.css locations further down.
location ~* \.(jpe?g|gif|css|png|js|ico|pdf|zip|tar|t?gz|mp3|wav|swf)$ {
expires max;
}
# Root site: serve the file or directory if it exists, otherwise hand off to @handler.
location / {
index index.html index.php;
try_files $uri $uri/ @handler;
#rewrite ^/my-url.html /my-url/ permanent;
#rewrite ^/my-url.html http://domain.co.uk/ permanent;
expires 7d;
}
# Magento front controller fallback for anything under /shop that is not a file.
location /shop {
try_files $uri /shop/index.php;
}
# NOTE(review): no allow/deny or auth_basic is visible on the downloader path;
# consider restricting who can reach it.
location /shop/downloader {
# rewrite ^/shop/downloader /shop/downloader/index.php; NO
try_files $uri /shop/downloader/index.php;
}
# Blocks direct access to application-internal directories.
# NOTE(review): the pattern is anchored at the web root (^/app/, ^/var/, ...). With
# Magento under /shop its directories are /shop/app/, /shop/var/, ... and this rule
# does not match them, so files there (configuration XML, logs, exports) would not be
# covered by the deny - verify, and anchor the pattern at /shop if so.
location ~ ^/(app|includes|media/downloadable|pkginfo|report/config.xml|var)/ { deny all; }
# Intended to put basic auth in front of info.php and the export directory.
# NOTE(review): the group is followed by a literal "/", so only /info.php/... or
# /var/export//... match; a plain /info.php request does not match and reaches the
# PHP location without auth. ^/var/ is also already caught by the deny rule above,
# and the dot in info.php is unescaped. This block has no fastcgi_pass of its own.
location ~ ^/(info.php|var/export/)/ {
auth_basic "Restricted Access";
auth_basic_user_file /etc/nginx/htpasswd;
}
# Named location used by "location /": route everything to /index.php.
location @handler {
rewrite / /index.php;
}
# Drops whatever follows ".php/" and re-runs location matching.
# NOTE(review): the dot is unescaped in the location regex and in the rewrite, so it
# matches any character before "php".
location ~ .php/ {
rewrite ^(.*.php)/ $1 last;
}
# PHP handler: passes the request to PHP-FPM over a unix socket, with FastCGI caching.
# NOTE(review): unescaped dot; "\.php$" is presumably what is meant.
# NOTE(review): there is no existence check (for example
# "try_files $fastcgi_script_name =404;") before the request is handed to PHP-FPM,
# so what PHP executes for a URI that does not map to a real script depends on the
# cgi.fix_pathinfo and security.limit_extensions settings - verify those.
# NOTE(review): no cookie- or session-based cache bypass is visible here. Whether
# personalised pages (cart, account, logged-in WordPress) can be stored and served to
# other visitors depends on the response headers and on the fastcgi_cache_key defined
# elsewhere - verify before relying on this cache for the shop.
location ~ .php$ {
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
# Magento run scope; sent with every PHP request in this server, not only /shop.
fastcgi_param MAGE_RUN_TYPE website;
fastcgi_param MAGE_RUN_CODE base;
fastcgi_cache phpcache; # The name of the cache key-zone to use
fastcgi_cache_valid 200 30m; # What to cache: 'code 200' responses, for half an hour
fastcgi_cache_methods GET HEAD; # What to cache: only GET and HEAD requests (not POST)
add_header X-Fastcgi-Cache $upstream_cache_status; # Allow us to see if the cache was HIT, MISS, or BYPASSED inside a browser's Inspector panel
fastcgi_cache_bypass $no_cache; # Don't pull from the cache if true
fastcgi_no_cache $no_cache; # Don't save to the cache if true
include fastcgi_params;
}
# XML sitemap rewrites for the WordPress site at the root.
location ~ ([^/]*)sitemap(.*)\.x(m|s)l$ {
## this redirects sitemap.xml to /sitemap_index.xml
rewrite ^/sitemap\.xml$ /sitemap_index.xml permanent;
## this makes the XML sitemaps work
rewrite ^/([a-z]+)?-?sitemap\.xsl$ /index.php?xsl=$1 last;
rewrite ^/sitemap_index\.xml$ /index.php?sitemap=1 last;
rewrite ^/([^/]+?)-sitemap([0-9]+)?\.xml$ /index.php?sitemap=$1&sitemap_n=$2 last;
## The following lines are optional for the premium extensions
## News SEO
rewrite ^/news-sitemap\.xml$ /index.php?sitemap=wpseo_news last;
## Local SEO
rewrite ^/locations\.kml$ /index.php?sitemap=wpseo_local_kml last;
rewrite ^/geo-sitemap\.xml$ /index.php?sitemap=wpseo_local last;
## Video SEO
rewrite ^/video-sitemap\.xsl$ /index.php?xsl=video last;
}
# Contents of these includes are not shown in the question.
include /etc/nginx/minify.conf;
include /etc/nginx/scripts.conf;
# W3 Total Cache minify output: fixed content type plus one-year caching headers.
location ~ /wp-content/cache/minify.*\.js$ {
types {}
default_type application/x-javascript;
expires modified 31536000s;
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
}
location ~ /wp-content/cache/minify.*\.css$ {
types {}
default_type text/css;
expires modified 31536000s;
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
}
# Pre-compressed minify files: on-the-fly gzip is switched off and the
# Content-Encoding header is set by hand.
location ~ /wp-content/cache/minify.*js\.gzip$ {
gzip off;
types {}
default_type application/x-javascript;
expires modified 31536000s;
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
add_header Content-Encoding gzip;
}
location ~ /wp-content/cache/minify.*css\.gzip$ {
gzip off;
types {}
default_type text/css;
expires modified 31536000s;
add_header Vary "Accept-Encoding";
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
add_header Content-Encoding gzip;
}
# Browser-cache lifetimes by file extension (one year, one hour, one year).
location ~ \.(css|htc|less|js|js2|js3|js4)$ {
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
}
location ~ \.(htm|rtf|rtx|svg|svgz|xsd|xsl|xml)$ {
expires 3600s;
add_header Pragma "public";
add_header Cache-Control "max-age=3600, public";
}
location ~ \.(asf|asx|wax|wmv|wmx|avi|bmp|class|divx|doc|docx|eot|exe|gif|gz|gzip|ico|jpg|jpeg|jpe|json|mdb|mid|midi|mov|qt|mp3|m4a|mp4|m4v|mpeg|mpg|mpe|mpp|otf|odb|odc|odf|odg|odp|ods|odt|ogg|pdf|png|pot|pps|ppt|pptx|ra|ram|svg|svgz|swf|tar|tif|tiff|ttf|ttc|wav|wma|wri|woff|xla|xls|xlsx|xlt|xlw|zip)$ {
expires 31536000s;
add_header Pragma "public";
add_header Cache-Control "max-age=31536000, public";
}
# Server-level W3 Total Cache minify rewrites; these run before location matching.
rewrite ^/wp-content/cache/minify.*/w3tc_rewrite_test$ /wp-content/plugins/w3-total-cache/pub/minify.php?w3tc_rewrite_test=1 last;
# Serve the ".gzip" variant of a file when the client accepts gzip and it exists on disk.
set $w3tc_enc "";
if ($http_accept_encoding ~ gzip) {
set $w3tc_enc .gzip;
}
if (-f $request_filename$w3tc_enc) {
rewrite (.*) $1$w3tc_enc break;
}
rewrite ^/wp-content/cache/minify/(.+/[X]+\.css)$ /wp-content/plugins/w3-total-cache/pub/minify.php?test_file=$1 last;
rewrite ^/wp-content/cache/minify/(.+\.(css|js))$ /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1 last;
}
【问题讨论】:
-
我认为为域本身购买 SSL 证书更容易,子目录也会一并涵盖。而且这样您的整个网站都受到 SSL 的保护,这只有好处。
-
我了解拥有完整 ssl 站点的优势,但我仍然希望仅对 shop 子目录使用 ssl。我已经为域本身购买了 ssl 证书。
-
在阅读了 nakedsecurity.sophos.com/2016/09/09/… 之后,我决定全站都使用 ssl。