nginx强制跳转https配置,通过http状态吗实现,http状态吗地址:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/307
301 It is therefore recommended to use the 301
code only as a response for GET
or HEAD
methods and to use the 308
Permanent Redirect
for POST
methods instead, as the method change is explicitly prohibited with this status.
#cat conf.d/test.conf
server {
listen 80;
server_name cul.xget.com;
location / {
auth_basic "it's protected";
auth_basic_user_file /data/.htpasswd;
proxy_pass http://10.10.17.31:8500;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forward-For $proxy_add_x_forwarded_for;
proxy_set_header Access-Control-Allow-Origin *;
proxy_next_upstream http_502 http_504 error timeout invalid_header;
}
listen 443 ssl;
ssl_certificate /root/USSL_TBDmkIc7/Nginx/public.pem;
ssl_certificate_key /root/USSL_TBDmkIc7/Nginx/private.key;
ssl_session_cache shared:le_nginx_SSL:1m; # managed by Certbot
ssl_session_timeout 1440m; # managed by Certbot
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # managed by Certbot
ssl_prefer_server_ciphers on; # managed by Certbot
ssl_ciphers "ECDHE-ECDSA-AES128-GCM-SHA256 ECDHE-ECDSA-AES256-GCM-SHA384 ECDHE-ECDSA-AES128-SHA ECDHE-ECDSA-AES256-SHA ECDHE-ECDSA-AES128-SHA256 ECDHE-ECDSA-AES256-SHA384 ECDHE-RSA-AES128-GCM-SHA256 ECDHE-RSA-AES256-GCM-SHA384 ECDHE-RSA-AES128-SHA ECDHE-RSA-AES128-SHA256 ECDHE-RSA-AES256-SHA384 DHE-RSA-AES128-GCM-SHA256 DHE-RSA-AES256-GCM-SHA384 DHE-RSA-AES128-SHA DHE-RSA-AES256-SHA DHE-RSA-AES128-SHA256 DHE-RSA-AES256-SHA256 EDH-RSA-DES-CBC3-SHA"; # managed by Certbot
if ($scheme != "https"){
return 301 https://$host$request_uri;
}
}