Nginx

nginx 'ERR_TOO_MANY_REDIRECTS' after adding SSL

  • September 4, 2020

After I added a Let's Encrypt certificate to my website using Certbot, I get ERR_TOO_MANY_REDIRECTS when I try to visit my website's domain.

Some information:

- My website is built with Django, nginx and gunicorn.

server {
server_name www.example.com example.com;

location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
   root /home/myproject;
}

location / {
   include proxy_params;
   proxy_pass http://unix:/run/gunicorn.sock;
}


listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
   if ($host = www.example.com) {
       return 301 https://$host$request_uri;
   } # managed by Certbot


if ($host = example.com) {
   return 301 https://$host$request_uri;
} # managed by Certbot

listen 80;
server_name www.example.com example.com;
return 404; # managed by Certbot

}

/etc/letsencrypt/options-ssl-nginx.conf :-

# This file contains important security parameters. If you modify this file
# manually, Certbot will be unable to automatically provide future security
# updates. Instead, Certbot will print and log an error message with a path to
# the up-to-date file that you will need to refer to when manually updating
# this file.

ssl_session_cache shared:le_nginx_SSL:1m;
ssl_session_timeout 1440m;

ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

ssl_ciphers "ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RS$

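If you need any other code/information, please let me know. Thanks.

**Note:** I have read all the questions with the same problem, but I still don't know what is wrong.

This is because you are redirecting all connections to https, even https connections, which means you have created a redirect loop.

Change your configuration to: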

server {
   listen 80 default_server;
   server_name www.example.com example.com;

   return 301 https://$server_name$request_uri;
}

server {
   listen 443 ssl default_server;
   server_name www.example.com example.com;

   ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


   location /favicon.ico { 
       access_log off; 
       log_not_found off; 
   }
   location /static/ {
       root /home/myproject;
   }

   location / {
       include proxy_params;
       proxy_pass http://unix:/run/gunicorn.sock;
   }
}

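It would be good to know what your /etc/letsencrypt/options-ssl-nginx.conf contains, though.

Explanation:

Basically, you need two "server" sections, one for port 80 and one for port 443. The port 80 (http) section contains only the redirect, while the 443 section contains your site's actual settings (locations, root, etc.) and the SSL settings (certificates, supported protocols, ciphers, etc.).

So when a client connects over http, the server tells it to go to https, and the https section handles everything from there.

It is also a good idea to use indentation in your configuration for better readability and easier bug fixing.

Note: The configuration I posted only fixes your redirect problem; I don't know whether your actual configuration works for your setup (gunicorn, etc.). Normally you should also define an index and a root for your server, like this: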

root /home/website/mywebsite/public;
index index.html index.htm index.php;

Quoted from: https://serverfault.com/questions/933355
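
Added example, not part of the original question or answer: a small Python check for the condition the answer describes, a server block that accepts TLS connections and also redirects to https. The sample configurations, verdict labels and function names are constructed for illustration, and only `return 30x https://...` redirects are recognised.

```python
import re

REDIRECT = re.compile(r"\breturn\s+30[1278]\s+https://")
LISTEN = re.compile(r"\blisten\s+([^;]+);")

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, matching nested braces."""
    conf = re.sub(r"#[^\n]*", "", conf)          # drop comments first
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += (conf[i] == "{") - (conf[i] == "}")
            i += 1
        yield conf[m.end():i - 1]

def audit(conf):
    """Return one (listen values, verdict) pair per server block."""
    findings = []
    for body in server_blocks(conf):
        listens = [l.strip() for l in LISTEN.findall(body)]
        tls = any("ssl" in l.split() or l.split()[0].endswith("443") for l in listens)
        to_https = bool(REDIRECT.search(body))
        if tls and to_https:
            verdict = "LOOP"               # https requests are sent back to https
        elif tls:
            verdict = "tls-content"        # TLS block serves the site
        elif to_https:
            verdict = "redirect-only"      # plaintext block only redirects
        else:
            verdict = "plaintext-content"  # site reachable without TLS
        findings.append((listens, verdict))
    return findings

# Constructed sample: the two-block layout from the answer, abbreviated.
FIXED = """
server { listen 80 default_server; server_name example.com;
         return 301 https://$server_name$request_uri; }
server { listen 443 ssl default_server; server_name example.com;
         location / { include proxy_params; proxy_pass http://unix:/run/gunicorn.sock; } }
"""
# Constructed sample: the redirect also applies to the TLS listener.
LOOPING = """
server { listen 80; listen 443 ssl; server_name example.com;
         return 301 https://$server_name$request_uri; }
"""

if __name__ == "__main__":
    for name, conf in (("FIXED", FIXED), ("LOOPING", LOOPING)):
        print(name, audit(conf))
```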