php - 重定向错误(certbot 续订/nginx 后)
问题描述
我的网络服务器的这个配置部分工作(实际的 Ubuntu)。如果最新的 Firefox 通过智能手机使用该站点,则会导致重定向错误。其他一些浏览器可能工作,但不可靠。我试图删除浏览器缓存并重新启动/重新加载 nginx-server。NGINX 配置中是否有错误?当我使用 certbot 更新 SSL 证书时,问题首先出现。谢谢!
server {
listen 443 ssl;
listen [::]:443 ssl;
# SSL configuration
#
# listen 443 ssl default_server;
# listen [::]:443 ssl default_server;
#
# Note: You should disable gzip for SSL traffic.
# See: https://bugs.debian.org/773332
#
# Read up on ssl_ciphers to ensure a secure configuration.
# See: https://bugs.debian.org/765782
#
# Self signed certs generated by the ssl-cert package
# Don't use them in a production server!
#
# include snippets/snakeoil.conf;
server_name sozcafe.de;
location / {
root /var/www/html;
index index.php;
try_files $uri $uri/ @rewrite;
}
location @rewrite {
rewrite ^/(forum/|chat/|cms/|wcf/|calendar/|filebase/|blog/|gallery/)?([^.]+)$ /$1index.php?$2 last;
}
ssl_certificate /etc/letsencrypt/live/sozcafe.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sozcafe.de/privkey.pem; # managed by Certbot
#ssl_certificate /etc/letsencrypt/live/www.coffeecat.de/cert.pem;
#ssl_certificate_key /etc/letsencrypt/live/www.coffeecat.de/privkey.pem;
# pass PHP scripts to FastCGI server
#
location ~ \.php$ {
root /var/www/html;
index index.php;
include snippets/fastcgi-php.conf;
#
# # With php-fpm (or other unix sockets):
fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
# # With php-cgi (or other tcp sockets):
# fastcgi_pass 127.0.0.1:9000;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
#
#location ~ /\.ht {
# deny all;
#}
}
server {
server_name sozcafe.de www.sozcafe.de;
return 301 https://$server_name$request_uri;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sozcafe.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sozcafe.de/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.sozcafe.de) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = sozcafe.de) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name sozcafe.de www.sozcafe.de;
return 404; # managed by Certbot
}
解决方案
仔细查看您的配置文件,您会发现您正在两个服务器块中侦听相同的端口 ( 443)、相同的服务器名称 ( sozcafe.de),第一个和第二个更具体。将语句return 301 https://$server_name$request_uri放在配置的第二个服务器块中会导致“无限循环”的效果,因为每次您访问您的域时,nginx总是重定向到该服务器块。
我怀疑 Certbot 在您运行它时添加了其中一个。
您可以通过在第二个服务器块中删除sozcafe.de以仅重定向www域而不是目标域本身来解决它。
server {
# server_name sozcafe.de www.sozcafe.de;
server_name www.sozcafe.de;
return 301 https://$server_name$request_uri;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/sozcafe.de/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/sozcafe.de/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
推荐阅读
- embed - 如何在网页上嵌入显示插入的任务窗格加载项的 Excel 工作簿?
- node.js - Node Express:如何缓存`sendFile`?
- typescript - 我们如何生成 Uniswap 子图构建文件夹?
- flutter - 从 JsLinkedHashMap 获取所有值
- azure - 如何使用 Pester 测试框架编写一个小测试函数
- python - PyCharm 中的 Azure 函数本地设置并发布到 Azure
- python-3.x - 如果 telnet 正在接收数据,则为布尔值
- python - 到目前为止,按同一组中的聚合元素分组 - Pandas
- apache-kafka - Spring Kafka Streams Binder - 批处理和重试
- pool - 结合 Akka(类型化)actor 池和发现来实现actor依赖