我的地址是ratwires.space
。下面的配置正确启用:https://ratwires.space
,https://www.ratwires.space
和http://www.ratwires.space
并将http://www.ratwires.space
重定向到https://www.ratwires.space
但是它不会将http://ratwires.space
重定向到https://ratwires.space
。
这适用于在端口8080上运行Unicorn的Rails应用程序。我使用certbot添加了当前的HTTPS支持,然后调整它直到至少大多数域工作。 /etc/letsencrypt/live/ratwires.space-0002/
是*.ratwires.space
和ratwires.space
的证书。
下面的配置是从各种例子中被黑客攻击的,我真的不知道我在这里做什么。
worker_processes 1;
user root root;
pid /var/run/nginx.pid;
error_log /var/log/nginx.error.log;
events {
worker_connections 1024;
accept_mutex off;
use epoll;
}
http {
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx.access.log combined;
sendfile on;
tcp_nopush on;
tcp_nodelay off;
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/html text/xml text/css
text/comma-separated-values
text/javascript application/x-javascript
application/atom+xml;
upstream app_server {
server unix:/root/Ratwires/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
client_max_body_size 4G;
server_name *.ratwires.space;
keepalive_timeout 5;
root /root/Ratwires/public;
try_files $uri/index.html $uri.html $uri @app;
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:8080;
}
error_page 500 502 503 504 /500.html;
location = /500.html {
root /root/Ratwires/public;
}
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/ratwires.space-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ratwires.space-0002/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = ratwires.space) {
return 301 http://$host$request_uri;
}
server_name *.ratwires.space;
return 404; # managed by Certbot
listen 443 ssl;
ssl_certificate /etc/letsencrypt/live/ratwires.space-0002/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/ratwires.space-0002/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}
server {
if ($host ~ ^[^.]+\.ratwires\.space$) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default deferred;
server_name *.ratwires.space;
return 404;
}}
当然它没有,事实上它的外观恰恰相反:
if ($host = ratwires.space) {
return 301 http://$host$request_uri;
}
这不是一个理想的解决方案,因为在实践中它重定向两次,但它确实适用于所有域:
worker_processes 1;
user root root; # for systems with a "nogroup"
pid /var/run/nginx.pid;
error_log /var/log/nginx.error.log;
events {
worker_connections 1024; # increase if you have lots of clients
accept_mutex off; # "on" if nginx worker_processes > 1
use epoll; # enable for Linux 2.6+
}
http {
include mime.types;
default_type application/octet-stream;
access_log /var/log/nginx.access.log combined;
sendfile on;
tcp_nopush on; # off may be better for *some* Comet/long-poll stuff
tcp_nodelay off; # on may be better for some Comet/long-poll stuff
gzip on;
gzip_http_version 1.0;
gzip_proxied any;
gzip_min_length 500;
gzip_disable "MSIE [1-6]\.";
gzip_types text/plain text/html text/xml text/css
text/comma-separated-values
text/javascript application/x-javascript
application/atom+xml;
upstream app_server {
server unix:/root/Ratwires/shared/sockets/unicorn.sock fail_timeout=0;
}
server {
client_max_body_size 4G;
server_name *.ratwires.space;
keepalive_timeout 5;
root /root/Ratwires/public;
try_files $uri/index.html $uri.html $uri @app;
location @app {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:8080;
error_page 500 502 503 504 /500.html;
location = /500.html {
root /root/Ratwires/public;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ratwires.space-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ratwires.space-0002/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
return 301 https://$host$request_uri;
listen 80 default deferred;
server_name *.ratwires.space;
return 404; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/ratwires.space-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/ratwires.space-0002/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}