Nginx

為 nginx 中的某些路徑禁用 https 會導致 ELB 後面的實例進入重定向循環

  • July 24, 2012

我正在使用 elb 終止的 ssl。我想強制 /product/performancesummaries/ 僅是 HTTP。這是我正在使用的目前配置:

user www-data;
worker_processes 2;
pid /var/run/nginx.pid;

events {
       worker_connections 1024;
       # multi_accept on;
}

http {

       ##
       # Basic Settings
       ##

       sendfile on;
       tcp_nopush on;
       tcp_nodelay on;
       keepalive_timeout 65;
       types_hash_max_size 2048;
       # server_tokens off;

       # server_names_hash_bucket_size 64;
       # server_name_in_redirect off;

       include /etc/nginx/mime.types;
       default_type application/octet-stream;

       ##
       # Logging Settings
       ##

       access_log /var/log/nginx/access.log;
       error_log /var/log/nginx/error.log;

       ##
       # Gzip Settings
       ##

       gzip on;
       gzip_disable "msie6";

       gzip_vary on;
       gzip_proxied any;
       gzip_comp_level 1;
       gzip_buffers 32 8k;
       gzip_http_version 1.1;
       gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;

       ##
       # Virtual Host Configs
       ##

       include /etc/nginx/conf.d/*.conf;
       include /etc/nginx/sites-enabled/*;

       # uWSGI serving Django.
       upstream django {
           # Distribute requests to servers based on client IP. This keeps load
           # balancing fair but consistent per-client. In this instance we're
           # only using one uWGSI worker anyway.
           ip_hash;
           server unix:/tmp/uwsgi.sock;
       }

 server {
   listen      80;
   server_name www.7geese.com *.amazonaws.com;
   charset     utf-8;


   # Your project's static media.
   location /static/ {
     alias /home/ubuntu/.virtualenvs/7geese/sevengeese/static_files/;
   }

   location /product/performancesummaries/ {
     if ($http_x_forwarded_proto = "https") {
         rewrite ^ http://$host$uri permanent;
     }
     uwsgi_pass  django;
     include     uwsgi_params;
   }

   # Finally, send all non-media requests to the Django server.
   location / {
     if ($http_x_forwarded_proto != "https") {
         rewrite ^ https://$host$uri permanent;
     }
     uwsgi_pass  django;
     include     uwsgi_params;
   }
 }

}

當我訪問**/product/performancesummaries/**時,它進入一個無限重定向循環,從 http 重定向到 https 到 http 等。為什麼它會進入無限重定向循環以及如何停止它。

您有兩個location塊,其中一個將 HTTPS 重定向到 HTTP /product/performancesummaries/

 if ($http_x_forwarded_proto = "https") {
     rewrite ^ http://$host$uri permanent;
 }

另一個將 HTTP 重定向到 HTTPS /(這就是一切):

 if ($http_x_forwarded_proto != "https") {
     rewrite ^ https://$host$uri permanent;
 }

這可能是問題的原因,儘管我不完全確定為什麼兩個locations 都會被處理。nginx 似乎在少數情況下會這樣做。

我會嘗試通過從HTTP 到 HTTPS 重定向中排除來解決此問題: /product/performancesummaries/``location /

     rewrite ^((?!/product/performancesummaries/).) https://$host$uri permanent;

引用自:https://serverfault.com/questions/410542