nginx 配置 强制访问https
2023-09-14 09:08:39 时间
使用nginx的301状态码
server { listen 80;
if ($scheme = 'http') {
return 301 https://$server_name$request_uri;
}
# 下面是一种旧的写法
# if ( $scheme = 'http' ){rewrite ^(.*)$ https://$host$1 permanent;}
listen 443 ssl http2; server_name xxx.com; ssl_certificate /usr/local/nginx/ssl/xxx.com.crt; ssl_certificate_key /usr/local/nginx/ssl/xxx.com.key; ssl_trusted_certificate /usr/local/nginx/ssl/xxx.com.crt; # SSL ssl_session_timeout 1d; ssl_session_cache shared:SSL:10m; ssl_session_tickets off; # Mozilla Intermediate configuration ssl_protocols TLSv1.2 TLSv1.3; ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384; # OCSP Stapling ssl_stapling on; ssl_stapling_verify on; resolver 1.1.1.1 1.0.0.1 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 valid=60s; resolver_timeout 2s; # reverse proxy location / { proxy_pass http://127.0.0.1:3000; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; } # favicon.ico location = /favicon.ico { log_not_found off; access_log off; } # robots.txt location = /robots.txt { log_not_found off; access_log off; } # assets, media location ~* \.(?:css(\.map)?|js(\.map)?|jpe?g|png|gif|ico|cur|heic|webp|tiff?|mp3|m4a|aac|ogg|midi?|wav|mp4|mov|webm|mpe?g|avi|ogv|flv|wmv)$ { expires 7d; access_log off; } # svg, fonts location ~* \.(?:svgz?|ttf|ttc|otf|eot|woff2?)$ { add_header Access-Control-Allow-Origin "*"; expires 7d; access_log off; } # gzip gzip on; gzip_vary on; gzip_proxied any; gzip_comp_level 6; gzip_types text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml; }
相关文章
- Let’s Encrypt 通配符证书,泛域名https证书申请配置
- https-配置使用HTTPS的ASP.NET Web应用
- ASP.NET Web配置使用HTTPS实用案例
- Nginx同时支持Http和Https的配置
- 阿里云上,Ubuntu下配置Nginx,在tomcat中加了https协议就不可以了
- apache配置https
- gitlab中的几个常用界面(runner管理、gitlab-ci.yml管理、runner token管理、新建用户、拉用户入工程、拉用户入组、复制工程导入组、开通pull push权限的ssh公钥配置)
- Nginx的https配置记录以及http强制跳转到https的方法梳理
- nginx安全:配置ssl证书(https证书)
- CISCO的HTTP/HTTPS/SSH配置测试完成
- nginx 反向代理 配置 https 实现http https同时存在 经测试 支持location 规则
- nginx安全:配置ssl证书(https证书)
- uniapp小程序定位 配置permission失败问题
- 华为IPsec预共享密钥配置命令汇总
- 玩转华为ENSP模拟器系列 | 配置LDP远端会话的定时器
- 如何用visual studio 2019配置OnnxRuntime
- 第四次考核 Jimmy 学徒考核 Linux安装软件 rna-seq上游分析 Linux上游 颜色配置 命令行配色 kingfisher
- windows下安装,配置gcc编译器
- 软件测试工程师必备技能之charles基础配置
- GD(兆易创新)系列FLASH进行FPGA和ZYNQ配置固化相操作
- 编程_配置LCD控制器之获得LCD参数_基于IMX6ULL