Dot-Htaccess
htaccess rewrite rule does not apply to file extensions
I have two domains set up in the same folder on the server,
i.e.
    dl.d123.com @ /var/www/public_html/dl.domain123.com
    dl.domain123.com @ /var/www/public_html/dl.domain123.com
I have an htaccess file in /var/www/public_html/domain123.com that contains the following lines:
    RewriteEngine On
    #Rewrite URLs to one SSL domain
    RewriteCond %{HTTP_HOST} ^dl\.d123\.com [NC]
    RewriteRule ^(.*)$ https://dl.domain123.com/$1 [L,R=301,NC]
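This rule works for any URL that does not contain a file extension:
    dl.d123.com/folder1/folder2 redirects to dl.domain123.com/folder1/folder2
But it does not work for any URL that contains a file extension:
    dl.d123.com/folder1/folder2/index.html stays the same.
It is not just the html extension. The same goes for, i.e., png files.
The server is set up with nginx as a proxy.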
nginx:80/443 -> apache:8080/8443
Edit: (domain names and IPs changed for privacy/security)
Nginx config: 80
    server {
        listen 123.123.123.123:80;
        server_name dl.domain123.org www.dl.domain123.org;
        access_log /usr/local/apache/domlogs/dl.domain123.org.bytes bytes;
        access_log /usr/local/apache/domlogs/dl.domain123.org.log full;
        error_log /usr/local/apache/domlogs/dl.domain123.org.error.log error;

        location / {
            location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
                root /home/s4h/dl.domain123.org;
                expires max;
                try_files $uri $uri/ @backend;
            }
            error_page 405 = @backend;
            error_page 500 = @custom;
            add_header X-Cache "HIT from Backend";
            add_header X-XSS-Protection "1; mode=block" always;
            add_header X-Content-Type-Options "nosniff" always;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location @backend {
            internal;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location @custom {
            internal;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location ~ .*\.(php|jsp|cgi|pl|py)?$ {
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location ~ /\.ht {deny all;}
        location ~ /\.svn/ {deny all;}
        location ~ /\.git/ {deny all;}
        location ~ /\.hg/ {deny all;}
        location ~ /\.bzr/ {deny all;}
        location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

        disable_symlinks if_not_owner from=/home/s4h/dl.domain123.org;

        location /.well-known/acme-challenge {
            default_type "text/plain";
            alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
        }

        location /.well-known/pki-validation {
            default_type "text/plain";
            alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
        }
    }
Nginx config: 443
    server {
        listen 123.123.123.123:443 ssl ;
        server_name dl.domain123.org www.dl.domain123.org;
        access_log /usr/local/apache/domlogs/dl.domain123.org.bytes bytes;
        access_log /usr/local/apache/domlogs/dl.domain123.org.log full;
        error_log /usr/local/apache/domlogs/dl.domain123.org.error.log error;

        ssl_certificate /etc/pki/tls/certs/dl.domain123.org.bundle;
        ssl_certificate_key /etc/pki/tls/private/dl.domain123.org.key;
        ssl_protocols TLSv1.2;
        ssl_ciphers EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS;
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 60m;

        location / {
            location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
                root /home/s4h/dl.domain123.org;
                expires max;
                try_files $uri $uri/ @backend;
            }
            error_page 405 = @backend;
            error_page 500 = @custom;
            add_header X-Cache "HIT from Backend";
            add_header Strict-Transport-Security "max-age=31536000";
            add_header X-XSS-Protection "1; mode=block" always;
            add_header X-Content-Type-Options "nosniff" always;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location @backend {
            internal;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location @custom {
            internal;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location ~ .*\.(php|jsp|cgi|pl|py)?$ {
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location ~ /\.ht {deny all;}
        location ~ /\.svn/ {deny all;}
        location ~ /\.git/ {deny all;}
        location ~ /\.hg/ {deny all;}
        location ~ /\.bzr/ {deny all;}
        location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

        disable_symlinks if_not_owner from=/home/s4h/dl.domain123.org;

        location /.well-known/acme-challenge {
            default_type "text/plain";
            alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
        }

        location /.well-known/pki-validation {
            default_type "text/plain";
            alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
        }
    }
dl.d123.com Nginx, port 80 only, no SSL installed.
    server {
        listen 123.123.123.123:80;
        server_name dl.d123.com www.dl.d123.com;
        access_log /usr/local/apache/domlogs/dl.d123.com.bytes bytes;
        access_log /usr/local/apache/domlogs/dl.d123.com.log full;
        error_log /usr/local/apache/domlogs/dl.d123.com.error.log error;

        location / {
            location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
                root /home/s4h/dl.domain123.com;
                expires max;
                try_files $uri $uri/ @backend;
            }
            error_page 405 = @backend;
            error_page 500 = @custom;
            add_header X-Cache "HIT from Backend";
            add_header X-XSS-Protection "1; mode=block" always;
            add_header X-Content-Type-Options "nosniff" always;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location @backend {
            internal;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location @custom {
            internal;
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location ~ .*\.(php|jsp|cgi|pl|py)?$ {
            proxy_pass http://123.123.123.123:8181;
            include proxy.inc;
        }

        location ~ /\.ht {deny all;}
        location ~ /\.svn/ {deny all;}
        location ~ /\.git/ {deny all;}
        location ~ /\.hg/ {deny all;}
        location ~ /\.bzr/ {deny all;}
        location ~\.(ini|log|conf)$ {deny all;error_page 403 =404 / ;}

        disable_symlinks if_not_owner from=/home/s4h/dl.domain123.com;

        location /.well-known/acme-challenge {
            default_type "text/plain";
            alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
        }

        location /.well-known/pki-validation {
            default_type "text/plain";
            alias /usr/local/apache/autossl_tmp/.well-known/acme-challenge;
        }
    }
The reason is the following block in the nginx configuration:
    location ~.*\.(3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|iso|woff|ttf|svg|eot|sh|webp)$ {
        root /home/s4h/dl.domain123.org;
        expires max;
        try_files $uri $uri/ @backend;
    }
This tells nginx to serve files with the above extensions directly. Note that the list includes the .html and .png extensions. You should do the redirect in nginx:
    server {
        listen 123.123.123.123:80;
        server_name dl.d123.com www.dl.d123.com;
        access_log /usr/local/apache/domlogs/dl.d123.com.bytes bytes;
        access_log /usr/local/apache/domlogs/dl.d123.com.log full;
        error_log /usr/local/apache/domlogs/dl.d123.com.error.log error;

        location / {
            return 301 https://www.dl.domain123.org$request_uri;
        }
    }
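
The behaviour described in the answer above can be modelled offline to audit which request paths never reach Apache, and therefore never see the .htaccess redirect. This is an added example, not code from the original post; it models only the nested static-file location and its `try_files` line, ignores the other locations in the config, and uses a constructed temporary document root with hypothetical function names.

```python
import os
import re
import tempfile

# Extension list copied from the nested `location ~` block in the question's config.
STATIC_EXT = (
    "3gp|gif|jpg|jpeg|png|ico|wmv|avi|asf|asx|mpg|mpeg|mp4|pls|mp3|mid|wav|swf|flv|"
    "html|htm|txt|js|css|exe|zip|tar|rar|gz|tgz|bz2|uha|7z|doc|docx|xls|xlsx|pdf|"
    "iso|woff|ttf|svg|eot|sh|webp"
)
# `location ~` is a case-sensitive regex match against the URI path.
STATIC_RE = re.compile(r".*\.(" + STATIC_EXT + r")$")


def handler(uri, root):
    """Return 'nginx' if nginx answers from disk, 'apache' if the request is proxied."""
    path = uri.split("?", 1)[0]          # locations match the path, not the query string
    if not STATIC_RE.match(path):
        return "apache"                  # falls through to proxy_pass in `location /`
    candidate = os.path.join(root, path.lstrip("/"))
    # try_files $uri $uri/ @backend: file first, then directory, else named location
    if os.path.isfile(candidate) or os.path.isdir(candidate):
        return "nginx"                   # served directly; .htaccess is never consulted
    return "apache"                      # @backend proxies to Apache


def build_sample_root():
    """Create a constructed document root holding the files from the question's URLs."""
    root = tempfile.mkdtemp()
    folder = os.path.join(root, "folder1", "folder2")
    os.makedirs(folder)
    for name in ("index.html", "logo.png"):
        open(os.path.join(folder, name), "w").close()
    return root


def audit(uris, root):
    """Map each request URI to the component that would answer it."""
    return {u: handler(u, root) for u in uris}


if __name__ == "__main__":
    sample = ["/folder1/folder2", "/folder1/folder2/index.html",
              "/folder1/folder2/logo.png", "/folder1/folder2/missing.html"]
    for uri, who in audit(sample, build_sample_root()).items():
        print(f"{who:6}  {uri}")
```

Paths reported as `nginx` are the ones where a redirect defined only in .htaccess is skipped; a listed extension whose file does not exist on disk still falls through to `@backend` and reaches Apache.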