Nginx 服务器 http 转 https

Question

我在我的 nodeJS 服务器上安装了 NginX，并且已经进行了 Certbot SSL 身份验证。 一切正常，但是当我删除 cookie 并转到页面时，它会在 http 中加载。 有没有办法重定向到https？ 当我写“return 301 https://maarath.com$request_uri;”时，它会出错：重定向太多。 有人知道吗？ 我的配置：

server {

listen       80;
    server_name ujhonlapod.hu www.ujhonlapod.hu;

   location / {
    
    proxy_pass http://localhost:3000; # Change the port if needed
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
   

   }
listen 443 ssl; # managed by Certbot
    server_name ujhonlapod.hu www.ujhonlapod.hu;
    ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot
    add_header Content-Security-Policy upgrade-insecure-requests;

}

感谢您的回答。

Answer 1

你在使用 nginx 的 certbot 插件吗？它看起来不像。你应该删除这部分

listen 443 ssl; # managed by Certbot
    server_name ujhonlapod.hu www.ujhonlapod.hu;
    ssl_certificate /etc/letsencrypt/live/ujhonlapod.hu/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/ujhonlapod.hu/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot



    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/ujhonlapod.hu/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot
    add_header Content-Security-Policy upgrade-insecure-requests;

并清理您的配置以仅侦听端口 80。

server {

listen       80;
server_name ujhonlapod.hu www.ujhonlapod.hu;

   location / {
    
    proxy_pass http://localhost:3000; # Change the port if needed
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;  

   }
}

重新加载nginxnginx -s reload

运行 certbot sudo certbot --nginx

这应该会为您创建正确的配置。

就我个人而言，我总是会！将 http 和 https 流量分成两个服务器块，例如

server {
  listen 80;
  server_name example.com;

  if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
}

server {
  listen 443;
  server_name example.com;
  .....

}

如果不是 100% 了解如何自行管理配置和证书，我真的建议使用该插件来管理 NGINX 配置。使用 certbot 只需 2 分钟即可使其工作。

在此处阅读更多信息：https://certbot.eff.org/instructions?ws=nginx&os=ubuntufocal