nginx 不會將 http 重定向到 https
我有一個 nginx docker 正在執行,有多個
site-config
文件。其中之一隻是所有 http 連接到 https 的一般重定向:
server { listen 80; server_name *.example.com example.com; return 301 https://$host$request_uri; }
所有其他
site-config
文件都用於我的其他碼頭工人/服務,如 Nextcloud 和 Plex。每當我在我選擇的瀏覽器(甚至 IE)中輸入例如https://plex.example.com時,它都會顯示帶有 ssh 連接的正確網頁。
但是,輸入http://plex.example.com只會返回一個空頁面,在這種情況下不會將我重定向到 Plex。
有人有想法嗎?
PS: 預設
site-config
文件為空。但由於所有site-configs
服務/碼頭工人都在工作,我猜,在一個額外的文件中進行重定向不會成為問題。PPS: 這是一個範例訪問日誌。錯誤日誌為空(超過 3 個月沒有新條目)。該日誌來自通過 https 訪問我的 plex-server。通過 http 訪問任何內容都不會創建日誌條目。
192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET / HTTP/1.1" 401 157 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET /web/index.html HTTP/1.1" 200 1650 "https://plex.example.com/" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET /web/main.8883144fb7acc2430ef50eda6c1a41c8.css HTTP/1.1" 200 764765 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET /web/main.v3.3a6aa4986f36a5810792d74118deda14.css HTTP/1.1" 200 214735 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET /web/js/vendors-1-d55a6a600958df7159e4-plex-3.20.7-d87fe16.js HTTP/1.1" 200 1148751 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET /web/js/main-0-2a819e76950d4ad197a8-plex-3.20.7-d87fe16.js HTTP/1.1" 200 3259450 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET /web/common/img/backgrounds/preset-dark.5b95c8c24aab87067b69bca7ae11759a.png HTTP/1.1" 200 40582 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET /web/translations/de.json HTTP/1.1" 200 128137 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:02 +0100] "GET /web/common/img/backgrounds/noise.0e9cf16a17adb19690cd31312cdaa809.png HTTP/1.1" 200 94668 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:03 +0100] "GET /web/favicon.ico HTTP/1.1" 200 5430 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:03 +0100] "GET /?X-Plex-Product=Plex%20Web&X-Plex-Version=3.20.7&X-Plex-Client-Identifier=yi606rcck7j3x9lx3wafhzgx&X-Plex-Platform=Internet%20Explorer&X-Plex-Platform-Version=11.0&X-Plex-Device=Windows&X-Plex-Device-Name=Plex%20Web%20%28Internet%20Explorer%29&X-Plex-Device-Screen-Resolution=1149x738%2C2560x1440 HTTP/1.1" 401 157 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:03 +0100] "GET /identity?X-Plex-Product=Plex%20Web&X-Plex-Version=3.20.7&X-Plex-Client-Identifier=yi606rcck7j3x9lx3wafhzgx&X-Plex-Platform=Internet%20Explorer&X-Plex-Platform-Version=11.0&X-Plex-Device=Windows&X-Plex-Device-Name=Plex%20Web%20%28Internet%20Explorer%29&X-Plex-Device-Screen-Resolution=1149x738%2C2560x1440 HTTP/1.1" 200 160 "https://plex.example.com/web/index.html" "Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko" 192.168.0.2 - - [13/Nov/2017:21:53:06 +0100] "POST /index.php/heartbeat HTTP/1.1" 200 31 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/61.0.3163.100 Safari/537.36"
P3S: 結果
curl -i http://cloud.example.com/
:HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm='unRAID SMU' Server: emhttp Connection: close Content-Type: text/plain Content-Length: 16 401 Unauthorized
訪問日誌條目:未創建條目
結果
curl -i https://cloud.example.com/
:HTTP/1.1 302 Found Server: nginx/1.12.2 Date: Mon, 13 Nov 2017 21:20:39 GMT Content-Type: text/html; charset=UTF-8 Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/7.1.9 Set-Cookie: oc367h1rrnkw=6033cj2p99saalb4csog6k47p5; path=/; HttpOnly Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: oc_sessionPassphrase=SECRETPASSPHRASE; path=/; secure; HttpOnly Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-eval' 'nonce-cHlJeHJhUFhzZWJmdDdwSWVkVisrYUFPMGVVd1p1eDJXSW44TkhESE9HND06eVZ0dzFPU1p3N1d1OE1BdEhib3cxdk1obWFwMFBvSThhc0dVZnlTZ0NUMD0='; style-src 'self' 'unsafe-inline'; frame-src *; img-src * data: blob:; font-src 'self' data:; media-src *; connect-src *; object-src 'none'; base-uri 'self'; X-Frame-Options: SAMEORIGIN Set-Cookie: __Host-nc_sameSiteCookielax=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=lax Set-Cookie: __Host-nc_sameSiteCookiestrict=true; path=/; httponly;secure; expires=Fri, 31-Dec-2100 23:59:59 GMT; SameSite=strict Location: https://cloud.example.com/index.php/login X-Content-Type-Options: nosniff X-XSS-Protection: 1; mode=block X-Robots-Tag: none X-Download-Options: noopen X-Permitted-Cross-Domain-Policies: none Strict-Transport-Security: max-age=63072000; includeSubdomains Front-End-Https: on
訪問日誌條目:
192.168.0.2 - - [13/Nov/2017:22:24:11 +0100] "GET / HTTP/1.1" 302 5 "-" "curl/7.47.0"
P4S 結果
netstat -natup | grep nginx
:tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 305/nginx.conf tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 305/nginx.conf tcp 0 0 172.17.0.5:443 192.168.0.2:56973 ESTABLISHED 336/nginx: worker p tcp 0 0 172.17.0.5:443 192.168.0.2:56977 ESTABLISHED 336/nginx: worker p tcp 0 0 172.17.0.5:443 192.168.0.2:56981 ESTABLISHED 336/nginx: worker p tcp 0 0 172.17.0.5:443 192.168.0.2:56722 ESTABLISHED 336/nginx: worker p tcp 0 0 172.17.0.5:443 192.168.0.2:56976 ESTABLISHED 336/nginx: worker p tcp 0 0 172.17.0.5:443 192.168.0.2:56980 ESTABLISHED 336/nginx: worker p tcp 0 0 172.17.0.5:443 192.168.0.2:56971 ESTABLISHED 336/nginx: worker p tcp 0 0 172.17.0.5:443 192.168.0.2:56966 ESTABLISHED 335/nginx: worker p
我發現了問題。首先,關於我的伺服器/設置的一些事情:它的監控 GUI 預設在埠 80 上執行,從不關心改變它。我所做的只是將外部埠 80 映射到伺服器上的埠 84。使用 84 作為埠 let’sencrypt/nginx 正在監聽。
現在隨著我的路由器最近的軟體更新,它選擇在從我的 LAN 中訪問 URL 時忽略埠映射。因此,我通過 http 請求訪問伺服器 GUI,並
Access Denied
在 curl 中得到錯誤。在我跟踪到我的伺服器的連接後得到了這個想法。
我可能會將伺服器 GUI 的埠更改為其他內容。但是現在我很高興,一切都很好