是什么导致服务器中的 302 重定向

Question

有些东西正在将我在所有页面上的 https 流量重定向到 http。我在 .conf 文件或 .htaccess 中找不到错误。我试图强制 https 的一切都失败了。有些东西压倒了我的努力，并将一切都发送回 http。 示例：https://www.tjoselfstorage.com/admin

这是 .conf 文件

<VirtualHost *:80>
    DocumentRoot /var/www

    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>

    # staging htpasswd protection
    <Directory /var/www/>
        SetEnvIfNoCase always_match ^ CARET_ENV=live
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>

<VirtualHost *:443>
    DocumentRoot /var/www

    <Directory />
        Options FollowSymLinks
        AllowOverride All
    </Directory>

    # staging htpasswd protection
    <Directory /var/www/>
        SetEnvIfNoCase always_match ^ CARET_ENV=live
        Options -Indexes FollowSymLinks MultiViews
        AllowOverride All
        Order allow,deny
        allow from all
    </Directory>

    ErrorLog ${APACHE_LOG_DIR}/error.log
    LogLevel warn
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine On
    SSLCertificateFile /etc/apache2/ssl/20f8a253809bd7bd.crt
    SSLCertificateKeyFile /etc/apache2/ssl/www.tjoselfstorage.com.key
    SSLCertificateChainFile /etc/apache2/ssl/gd_bundle-g2-g1.crt
</VirtualHost>

这是我的 .htaccess

    RewriteEngine on

RewriteCond %{ENV:CARET_ENV} live [NC]
RewriteCond %{HTTP_HOST} !^www.tjoselfstorage.com$ [NC]
RewriteCond %{HTTP_HOST} ((.*).(org|net|com)|(.*).(.*).(org|net|com)|[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}) [NC]




# Remove trailing slashes
RewriteCond %{REQUEST_URI} !^/$
RewriteCond %{REQUEST_FILENAME} !__\^.php
RewriteRule ^(.*)/$ /$1 [R=301,L]

# serve thru caret if the file doesn't exist
RewriteCond %{REQUEST_FILENAME} !-f [OR]
# or if the file does exist but isn't a static resource (CSS, images, JS, etc)
RewriteCond %{REQUEST_FILENAME} !resources
# and make sure we're not already directing to caret (handles additional loops through this htaccess file)
RewriteCond %{REQUEST_FILENAME} !__\^.php
RewriteRule (.*) \__\^.php/$0 [L]

Answer 1

您的 PHP 应用程序是：

curl -Ik https://www.tjoselfstorage.com/admin
HTTP/1.1 302 Found
Date: Sun, 14 Jan 2018 04:32:08 GMT
Server: Apache/2.2.20 (Ubuntu)
X-Powered-By: PHP/5.3.6-13ubuntu3.6  <---------------!!! here!!!!
Set-Cookie: PHPSESSID=dsaapjf4cml9fdcblbjf9p9550; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Status-Code: 301
Location: http://www.tjoselfstorage.com/account/login?redirect=%2Fadmin
Vary: Accept-Encoding
Content-Type: text/html

旁注：
<Directory /> 指向文件系统中的 ROOT /。您不应该在虚拟主机中使用它，而应该在服务器配置中使用它并拒绝所有。

您当然想要的是：
<Directory /path/to/documentroot>

如果您是网站管理员，则不应使用 .htaccess。 .htaccess 不是重写库，它是非管理员用户配置特定目录的一种方式，现在您允许 httpd 读取和解释整个文件系统中的任何 .htaccess。非常不安全而且速度很慢。