問:為什么讓所有的http都重定向到https呢?
答:因為這樣會使網站更安全些。
那么我是如何在nginx配置,讓輸入http://www.youcongtech.com或者youcongtech.com全部都重定向到https://www.youcongtech.com的呢?
其實我僅僅只是在nginx.conf配置文件中的server配置了如下:
rewrite ^(.*)$ https://$host$1 permanent;
這段配置的含義將所有的http請求通過rewrite重寫到https上。
下面貼一下我的nginx.conf配置文件(主要重要的):
upstream www.youcongtech.com{ server 39.107.110.227:2019; } server { listen 80; server_name www.youcongtech.com; rewrite ^(.*)$ https://$host$1 permanent; #charset koi8-r; #access_log logs/host.access.log main; location ~ / { root /usr/local/nginx/html; index index.html index.htm; } error_page 500 502 503 504 /50x.html; location = /50x.html { root html; } server { listen 443; server_name www.youcongtech.com; ssl on; index index.html; ssl_certificate /usr/local/nginx/cert/18540291_www.youcongtech.com.pem; ssl_certificate_key /usr/local/nginx/cert/18540291_www.youcongtech.com.key; ssl_session_timeout 5m; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $http_host; proxy_redirect off; expires off; sendfile off; proxy_pass http://www.youcongtech.com; root /usr/local/nginx/html; index index.html index.htm; } location ~ ^/blog/(.*){ proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_pass http://www.youcongtech.com; #轉向tomcat處理 } }
上面參數到底是什么意思,加或者不加到底會怎么樣,關於nginx參數詳解和更好的優化,后續會有詳細的講解,我會繼續編寫我的博客系統,並以此作為案例。
當然了,如果公司涉及這塊比較多,后續我也會以公司案例來給大家講解。