server { listen 443 ssl; listen 80; server_name test.com; #设置长连接 keepalive_timeout 70; #减少点击劫持 add_header X-Frame-Options DENY; #禁止服务器自动解析资源类型 add_header X-Content-Type-Options nosniff; #防XSS攻击 add_header X-Xss-Protection 1; location / { proxy_pass http://127.0.0.1:8081; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; proxy_pass http://127.0.0.1:8081; } location ~ .*\.(js|css)?$ { expires 30d; proxy_pass http://127.0.0.1:8081; } }
后来要配置成访问http时自动跳转到https,改成如下配置:
server { listen 443 ssl; # listen 80; [b]这个要注释掉,再底下单独写个server[/b] server_name test.com; #设置长连接 keepalive_timeout 70; #减少点击劫持 add_header X-Frame-Options DENY; #禁止服务器自动解析资源类型 add_header X-Content-Type-Options nosniff; #防XSS攻击 add_header X-Xss-Protection 1; location / { proxy_pass http://127.0.0.1:8081; } location ~ .*\.(gif|jpg|jpeg|png|bmp|swf)$ { expires 30d; proxy_pass http://127.0.0.1:8081; } location ~ .*\.(js|css)?$ { expires 30d; proxy_pass http://127.0.0.1:8081; } } server { listen 80; server_name test.com; rewrite ^(.*) https://$server_name$1 permanent; }
一定要把80端口独立写出来进行rewrite到https, 如果不独立出来,访问时nginx会报错,说重定向死循环了, 因为访问80端口rewrite到443,而访问443时又rewrite到443,再又rewrite到443..... 如此便死循环了,分开写就是只对80端口进行rewrite,443不能rewrite到443