实现SSL (Digital Ocean + Nginx + Cloudflare)
所以我有一个托管在Digital Ocean上的网站,使用Nginx web服务器v.1.2.1和Wordpress CMS。之后,我决定使用Cloudflare服务。Cloudflare提供了免费的灵活的SSL,我想在我的网站上使用它。
这是我网站的nginx配置:
server {
listen 80;
#listen [::]:80 ipv6only=on default_server;
server_name pasangbatu.com www.pasangbatu.com;
root /srv/www/pasangbatu.com/public_html;
access_log /srv/www/pasangbatu.com/logs/access.log;
error_log /srv/www/pasangbatu.com/logs/error.log;
if ($http_host != "www.pasangbatu.com") {
rewrite ^ http://www.pasangbatu.com$request_uri permanent;
}
index index.php index.html;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
# Use gzip compression
# gzip_static on; # Uncomment if you compiled Nginx using --with-http_gzip_static_module
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 5;
gzip_buffers 16 8k;
gzip_http_version 1.0;
gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript image/png image/gif image/jpeg;
#location ~ ^/wp-content/cache/minify/[^/]+/(.*)$ {
# try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
#}
#location ~ ^/wp-content/plugins/wp-minify/min/[^/]+/(.*)$ {
# try_files $uri /wp-content/plugins/w3-total-cache/pub/minify.php?file=$1;
# wp-minify/cache
#}
# Don't cache uris containing the following segments
if ($request_uri ~* "(\/wp-admin\/|\/xmlrpc.php|\/wp-(app|cron|login|register|mail)\.php|wp-.*\.php|index\.php|wp\-comments\-popup\.php|wp\-links\-opml\.php|wp\-locations\.php)") {
set $cache_uri "no cache";
}
# Don't use the cache for logged in users or recent commenters
if ($http_cookie ~* "comment_author|wordpress_[a-f0-9]+|wp\-postpass|wordpress_logged_in") {
set $cache_uri 'no cache';
}
# Deny all attempts to access hidden files such as .htaccess, .htpasswd, .DS_Store (Mac).
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location / {
try_files $uri $uri/ /index.php?$args;
}
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme:http://$host$uri/ permanent;
# Cache static files for as long as possible - removed xml as an extension to avoid problems with Yoast WordPress SEO plugin which uses WP rewrite API.
location ~* \.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
try_files $uri =404;
expires max;
access_log off;
}
# Pass PHP scripts on to PHP-FPM
location ~* \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
try_files $uri /index.php;
fastcgi_index index.php;
fastcgi_pass unix:/var/run/php5-fpm.sock;
#fastcgi_pass 127.0.0.1:9000;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
}
}我曾尝试将if ($http_host !="www.pasangbatu.com") {更改为如下所示:
if ($http_host != "www.pasangbatu.com") {
rewrite ^ https://www.pasangbatu.com$request_uri permanent;
}我重启nginx并刷新我的网页,我在主页上启用了ssl。但是如果我转到另一个页面/点击文章链接,页面就会回到http协议而不是https。
如果我禁用if condition block并像这样写:
rewrite ^ https://www.pasangbatu.com$request_uri permanent;我的网站返回“许多重定向bla bla bla”。
如何启用https到我所有的页面?需要你的帮助
谢谢。
回答 1
Stack Overflow用户
发布于 2016-08-23 01:53:51
因此,从本质上讲,这个问题归结为这样一个事实:当使用灵活的SSL时,您的web服务器可以看到HTTP上的连接(而从源到浏览器的连接是通过HTTPS的)。
为了解决这个问题,你需要在你的Nginx配置中挂接到X-Forwarded-Proto头文件。
像CloudFlare Flexible SSL plugin这样的插件也可能对你有用。
通过使用CloudFlare's Page Rules,您能够有效地redirect HTTP to HTTPS traffic。
https://stackoverflow.com/questions/39074739
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号