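Forcing HTTP to Redirect to HTTPS
Force every HTTP request to redirect to HTTPS so that all access uses a secure connection.
Basic redirects
Simple redirect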
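```nginx
# Port 80: answer every request with a permanent redirect to HTTPS
server {
    listen 80;
    server_name example.com;
    # $request_uri carries the original path and query string
    return 301 https://$server_name$request_uri;
}

# Port 443: serve the site over TLS
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    root /var/www/html;
}
```
Redirect preserving the path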
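```nginx
server {
    listen 80;
    server_name example.com;
    # $host is taken from the request (the Host header when one is sent),
    # so the redirect target follows whatever name the client used.
    # Use $server_name or a literal hostname to pin the target.
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    root /var/www/html;
}
```
Multi-domain redirects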
Primary domain and www domain
```nginx
server {
    listen 80;
    server_name example.com www.example.com;
    # $server_name expands to the first name listed in server_name
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    root /var/www/html;
}
```
Redirecting everything to the primary domain
```nginx
server {
    listen 80;
    server_name example.com www.example.com;
    # The literal hostname makes the canonical target explicit
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl;
    server_name example.com www.example.com;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    root /var/www/html;
}
```
Path-specific redirects
Redirecting a specific path
```nginx
server {
    listen 80;
    server_name example.com;

    # Only requests under /admin/ are redirected to HTTPS
    location /admin/ {
        return 301 https://$server_name$request_uri;
    }

    # Everything else is still served over plain HTTP
    location / {
        root /var/www/html;
    }
}

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    root /var/www/html;
}
```
Redirecting specific file types
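```nginx
server {
    listen 80;
    server_name example.com;

    # Case-insensitive match on URIs ending in .php or .html
    location ~* \.(php|html)$ {
        return 301 https://$server_name$request_uri;
    }

    # Everything else is still served over plain HTTP
    location / {
        root /var/www/html;
    }
}
```
Conditional redirects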
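Redirect based on User-Agent
```nginx
server {
    listen 80;
    server_name example.com;

    # Redirect only clients whose User-Agent contains "bot" or "spider"
    if ($http_user_agent ~* "bot|spider") {
        return 301 https://$server_name$request_uri;
    }

    root /var/www/html;
}
```
Redirect based on IP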
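```nginx
server {
    listen 80;
    server_name example.com;

    # Anchor the pattern and escape the dots so that only 192.168.1.x matches;
    # an unanchored "192.168.1." also matches addresses such as 192.168.100.5
    if ($remote_addr ~ "^192\.168\.1\.") {
        return 301 https://$server_name$request_uri;
    }

    root /var/www/html;
}
```
Complete configuration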
Production configuration
```nginx
# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name example.com www.example.com;
    return 301 https://example.com$request_uri;
}

# HTTPS configuration
server {
    listen 443 ssl http2;
    server_name example.com www.example.com;

    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;

    # SSL protocols and cipher suites
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers off;

    # SSL session cache
    ssl_session_cache shared:SSL:10m;
    ssl_session_timeout 10m;

    # HSTS
    add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;

    root /var/www/html;
    index index.html;

    access_log /var/log/nginx/https.access.log;
    error_log /var/log/nginx/https.error.log;
}
```
Testing the redirect
Testing the HTTP redirect
```bash
curl -I http://example.com
```
Expected result:
```
HTTP/1.1 301 Moved Permanently
Location: https://example.com/
```
Testing HTTPS access
```bash
curl -I https://example.com
```
Expected result:
```
HTTP/2 200
```
Common problems
Redirect loop
Cause: the HTTPS configuration is wrong
Fix: check the HTTPS configuration
```nginx
server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/example.com.crt;
    ssl_certificate_key /etc/nginx/ssl/example.com.key;
    root /var/www/html;
}
```
Redirect does not take effect
Cause: the return directive is in the wrong place
Fix: put the return directive in the server block
```nginx
server {
    listen 80;
    server_name example.com;
    return 301 https://$server_name$request_uri;
}
```
Path is lost
Cause: $request_uri is not used
Fix: use $request_uri to preserve the path
```nginx
return 301 https://$server_name$request_uri;
```
Summary
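Key points for forcing HTTP to redirect to HTTPS:
- Basic redirect: return 301 https://$server_name$request_uri
- Multiple domains: redirect everything to the primary domain
- Specific paths: redirect only specific paths
- Conditional redirects: based on User-Agent or IP
- Test and verify: make sure the redirect works
Configure the HTTP-to-HTTPS redirect properly so that all access uses a secure connection.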
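The two curl checks from the testing section can be turned into pass/fail checks that also confirm the path survives the redirect and that the HSTS header from the production configuration is sent. This is an added example, not part of the original page; the function names `check_redirect` and `check_hsts` and the sample path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: validate `curl -sI` output for the redirect and HSTS checks.

# check_redirect EXPECTED_URL
# Reads response headers on stdin. Succeeds only when the status is 301 and
# Location equals the expected canonical HTTPS URL exactly (host and path).
check_redirect() {
    expected="$1"
    awk -v want="$expected" '
        { sub(/\r$/, "") }                       # curl prints CRLF line endings
        NR == 1 { status = $2; next }            # status line, e.g. HTTP/1.1 301 ...
        tolower($1) == "location:" { loc = $2 }  # header names are case-insensitive
        END {
            if (status != "301") { print "FAIL: status " status; exit 1 }
            if (loc != want)     { print "FAIL: Location " loc " != " want; exit 1 }
            print "OK: " want
        }'
}

# check_hsts
# Reads HTTPS response headers on stdin. Succeeds only when a
# Strict-Transport-Security header with a non-zero max-age is present.
check_hsts() {
    awk '
        { sub(/\r$/, ""); line = tolower($0) }
        tolower($1) == "strict-transport-security:" {
            if (match(line, /max-age=[0-9]+/))
                age = substr(line, RSTART + 8, RLENGTH - 8) + 0
        }
        END {
            if (age > 0) { print "OK: HSTS max-age=" age; exit 0 }
            print "FAIL: HSTS missing or max-age=0"; exit 1
        }'
}

# Live usage (example.com is the placeholder host used throughout this page;
# the path and query string are constructed samples):
#   curl -sI 'http://example.com/docs/a?x=1' | check_redirect 'https://example.com/docs/a?x=1'
#   curl -sI 'http://www.example.com/' | check_redirect 'https://example.com/'
#   curl -sI 'https://example.com/' | check_hsts
```

Because `check_redirect` compares the whole Location value, it fails when the path is dropped, when a 302 is returned instead of a 301, or when the target host is not the canonical one.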