将 http 请求重定向到 nginx 服务器上的 https

Question

我正在使用 ubuntu 14.04 和 nginx 在数字海洋服务器上运行应用程序。我的应用程序通过 gunicorn 运行。我想将http请求直接重定向到https。 我试过了

server {
    # Running port
    listen 80;
    server_name example.com www.example.com;

    return 301 https://$host$request_uri;

它适用于野生动物园。但它不适用于 Chrome 或 Firefox？知道我做错了什么吗？ 我在下面附上了整个 nginx.conf 文件

worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;

    sendfile on;

    gzip              on;
    gzip_http_version 1.1;
    gzip_comp_level   5;
    gzip_proxied      any;
    gzip_min_length   256;
    gzip_vary         on;

    # Configuration containing list of application servers
    upstream app_servers {
        server 127.0.0.1:8080;
    }

    # Configuration for Nginx
    server {
        # Running port
        listen 80;
        server_name example.com www.example.com;

        return 301 https://$host$request_uri;

        # Settings to serve static files
        location /static/  {

            # Example:
            # root /full/path/to/application/static/file/dir;
            root /var/www/example/app/;

            location ~*  \.(jpg|woff|jpeg|png|gif|ico|css)$ {
                expires 30d;
            }

            location ~*  \.(js)$ {
                expires 1d;
            }

            # we do not cache html, xml or json
            location ~* \.(?:manifest|appcache|html?|xml|json)$ {
                expires -1;
                # access_log logs/static.log; # I don't usually include a static log
            }

            location ~*  \.(pdf)$ {
                expires 30d;
            }
        }

        # Serve a static file (ex. favico)
        # outside /static directory
        location = /favico.ico  {

            root /app/favico.ico;
            gzip_static on;
        }
    }

    server {
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        # Proxy connections to the application servers
        # app_servers
        location / {
            proxy_connect_timeout 300s;
            proxy_read_timeout 300s;
            proxy_pass         http://app_servers;
            proxy_redirect     off;
            # proxy_redirect http:// https://;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
        }
    }
}

Answer 1

首先，您不应该在 http 上提供任何服务。一切都应该在 https 上，即使是 favico.ico

worker_processes 1;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;

    sendfile on;

    gzip              on;
    gzip_http_version 1.1;
    gzip_comp_level   5;
    gzip_proxied      any;
    gzip_min_length   256;
    gzip_vary         on;

    # Configuration containing list of application servers
    upstream app_servers {
        server 127.0.0.1:8080;
    }

    # Configuration for Nginx
    server {
        # Running port
        listen 80;
        server_name example.com www.example.com;

        return 301 https://$host$request_uri;

    }

    server {
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/www.example.com/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/www.example.com/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot

        ssl_dhparam /etc/ssl/certs/dhparam.pem;

        # Settings to serve static files
        location /static/  {

            # Example:
            # root /full/path/to/application/static/file/dir;
            root /var/www/example/app/;

            location ~*  \.(jpg|woff|jpeg|png|gif|ico|css)$ {
                expires 30d;
            }

            location ~*  \.(js)$ {
                expires 1d;
            }

            # we do not cache html, xml or json
            location ~* \.(?:manifest|appcache|html?|xml|json)$ {
                expires -1;
                # access_log logs/static.log; # I don't usually include a static log
            }

            location ~*  \.(pdf)$ {
                expires 30d;
            }
        }

        # Serve a static file (ex. favico)
        # outside /static directory
        location = /favico.ico  {

            root /app/favico.ico;
            gzip_static on;
        }

        # Proxy connections to the application servers
        # app_servers
        location / {
            proxy_connect_timeout 300s;
            proxy_read_timeout 300s;
            proxy_pass         http://app_servers;
            proxy_redirect     off;
            # proxy_redirect http:// https://;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
        }
    }
}

接下来，当您在 chrome 或任何其他浏览器中进行测试时，请确保打开私人或隐身窗口。