允许加密SSL、HTTP 2和重定向的NGINX服务器配置
允许加密SSL、HTTP 2和重定向的NGINX服务器配置
提问于 2019-09-16 02:45:38
最近,我试图升级我的服务器信任以支持HTTP 2,并注意到当浏览器试图在没有SSL的情况下加载站点时,它会下载一个50字节的二进制文件。
配置如下。
它正常工作--通过重定向将请求升级到HTTPS --直到我在重定向的最后将http2添加到listen指令中。
其后果是,不安全的HTTP请求现在被缓存,这非常糟糕,但是,我想了解为什么会发生这种情况,以及我应该如何配置服务器。
从那时起,我就从重定向http2指令中删除了listen。
我认为最好向浏览器指定服务器全程支持http2,但没有按计划进行--出于某种原因,响应类型没有以html的形式发送。
为什么会发生这种事?
server {
root /var/domains/mywebsite.com/html;
error_log off;
access_log off;
index index.php index.html;
server_name mywebsite.com;
gzip on;
gzip_types text/plain application/xml application/json application/javascript;
location /service-worker.js {
add_header Cache-Control "max-age=0, no-cache, no-store, must-revalidate";
expires off;
access_log off;
}
location / {
try_files $uri $uri/ /index.html;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
}
location ~ /\.ht {
deny all;
}
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
error_log off;
access_log off;
server_name www.mywebsite.com;
location ~ {
rewrite ^/(.*)$ https://mywebsite.com/$1 permanent;
}
listen 443 ssl http2;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem; # managed by Certbot
# include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_ciphers "EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5";
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
server_name mywebsite.com;
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
}
listen 80 http2;
return 404;
}
server {
server_name www.mywebsite.com;
if ($host = www.mywebsite.com) {
return 301 https://$host$request_uri;
}
listen 80 http2;
return 404;
}回答 1
Stack Overflow用户
回答已采纳
发布于 2019-09-16 09:59:19
Nginx不允许在非HTTPS连接上使用HTTP/2和HTTP/1。在这里引发的Bug:https://trac.nginx.org/nginx/ticket/816。
非HTTPS/2(又名h2c)连接与web浏览器仅在HTTPS上使用HTTP/2一样诚实,这是没有什么意义的,因此,为什么这个bug还没有被优先修复。
因此,从端口80服务器配置中删除http2,并将其留给端口443配置。
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://stackoverflow.com/questions/57949810
复制相关文章
相似问题
腾讯云开发者
