Ubuntu

為什麼在我的新站點上設置 SSL 時 nginx 會重定向到另一個站點?

  • May 24, 2018

我在 DigitalOcean 上有一個正在執行的水滴Ubuntu 16.04,我開始與我的朋友分享。他已經在 droplet 上執行了一個網頁nginx,今天我也開始在上面設置我的 Wordpress 網站。

我成功地讓我的網站在我自己的域上執行,上面有一個虛擬info.php文件來測試它是否有效。我在/etc/nginx/sites-available/.

現在我想為我的網站設置 SSL 加密,使用certbot. 我成功安裝certbot了外掛nginx。我現在面臨的問題是,當我嘗試訪問我的站點時,https://example.com/info.php或者http://example.com/info.php出現ERR_TOO_MANY_REDIRECTS錯誤。所以我去了我的網站的配置文件,看起來像這樣:

server {
       root /var/www/example.com/html;
       index index.php index.html index.htm index.nginx-debian.html;

       server_name example.com www.example.com;

       location = /favicon.ico { log_not_found off; access_log off; }
       location = /robots.txt { log_not_found off; access_log off; allow all; }
       location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ {
               expires max;
               log_not_found off;
       }

       location ~ \.php$ {
               include snippets/fastcgi-php.conf;
               fastcgi_pass unix:/run/php/php7.0-fpm.sock;
       }

       location ~ /\.ht {
               deny all;
       }

       location / {
               #try_files $uri $uri/ =404;
               try_files $uri $uri/ /index.php$is_args$args;
       }

       listen [::]:443 ssl ipv6only=on; # managed by Certbot
       listen 443 ssl; # managed by Certbot
       ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
       ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
       include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
       ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
       if ($host = www.example.com) {
               return 301 https://$host$request_uri;
       } # managed by Certbot

       if ($host = example.com) {
               return 301 https://$host$request_uri;
       } # managed by Certbot

       listen 80;
       listen [::]:80;

       server_name example.com www.example.com;
       return 404; # managed by Certbot
}

並評論了整個最後一個server區塊。現在我沒有收到錯誤,而是現在當我去https://example.com/info.php或者http://example.com/info.php我被重定向到我朋友網站的 HTTPS 版本時,說https://myfriendsite.com

這是我朋友網站的配置文件:

upstream mysite_development {
   server unix:/webapps/Backend/mysite/run/gunicorn.sock
       fail_timeout=0;
}

server {
   listen 80;
   server_name *.myfriendsite.com;
   return 301 https://myfriendsite.com$request_uri;
   # rewrite ^/(.*) https://myfriendsite.com/$1 permanent;
}

server {
   listen 443 ssl;
   server_name myfriendsite.com;

   client_max_body_size 4G;

   ssl on;
   ssl_certificate /webapps/Backend/certificates/cert_chain.crt;
   ssl_certificate_key /webapps/Backend/certificates/myfriendsite.com.key;

   access_log /webapps/Backend/logs/nginx-access.log;
   error_log /webapps/Backend/logs/nginx-error.log;

   location /static/ {
       alias /webapps/Backend/mysite/static/;
   }

   location /media/price_list/ {
       internal;
       alias /webapps/Backend/mysite/media/price_list/;
   }

   location /media/electronic_bill/ {
       internal;
       types { application/octet-stream .pdf; }
       default_type  application/octet-stream;
       alias /webapps/Backend/mysite/media/electronic_bill/;
   }

   location /media/ {
       alias /webapps/Backend/mysite/media/;
   }

   location /assets/ {
       alias /webapps/Backend/mysite/static/assets/;
   }

   location / {
       proxy_set_header X-Forwarded-Proto $scheme;
       try_files $uri @proxy_to_app;
   }

   location @proxy_to_app {
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host $host;
       proxy_redirect off;
       proxy_pass http://mysite_development;
   }
}

server {
   listen 443 ssl;
   server_name *.myfriendsite.com;
   return 301 https://myfriendsite.com$request_uri;
}

如果我從我的網站中刪除 SSL,它就會開始按預期工作,但是一旦我為我的網站啟用 SSL,它就會被重定向到我的朋友網站!我真的找不到導致重定向的原因。

編輯:如果它很重要,我使用 Cloudflare 作為我的 DNS 伺服器。我的朋友正在使用 DigitalOcean 提供的 DNS 伺服器。

好吧,這不是問題nginx,問題與 Cloudflare Flexible SSL 有關。我通過在 Cloudflare Dashboard中將 SSL 模式從更改為Flexible來解決了這個問題。Strict

您可以在此處閱讀有關此內容的更多資訊。

引用自:https://serverfault.com/questions/913541