设置让我们加密后网站重定向次数过多
Site redirected too many times after setting let's encrypt
我已经设置 www.myapp.io 连接到由 nginx 托管的 MEAN-stack 应用程序。它有效,现在,我想添加 SSL 到它。我已关注 this link 以确保 let's encrypt。
然而,配置后,https://www.myapp.io 不工作:www.myapp.io redirected you too many times. ERR_TOO_MANY_REDIRECTS。
下面是/etc/nginx/sites-enabled/myapp.io,有谁知道哪里错了?
server {
listen 80;
server_name myapp.io www.myapp.io;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name myapp.io www.myapp.io;
ssl_certificate /etc/letsencrypt/live/myapp.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myapp.io/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:EC$
ssl_session_timeout 1d;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~ /.well-known {
allow all;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_set_header Proxy "";
proxy_pass https://127.0.0.1:3000;
}
}
(我没有放ssl_session_cache shared:SSL:50m;,因为/etc/nginx/nginx.conf里已经有ssl_session_cache shared:SSL:10m;了。)
添加 ssl 之前的配置文件,有效:
server {
listen 80;
server_name myopp.io *.myopp.io;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_set_header Proxy "";
proxy_pass http://127.0.0.1:3000;
}
}
PS: 该站点是通过 cloudflare 管理的,目前 clouldflare 上的 SSL 设置是Flexible,不知道要不要改
正如@dave_thompson_085 在他的评论中建议的那样,在 Cloudflare 中将 Flexible 更改为 Full 将使 https://www.myapp.io 可访问...
我已经设置 www.myapp.io 连接到由 nginx 托管的 MEAN-stack 应用程序。它有效,现在,我想添加 SSL 到它。我已关注 this link 以确保 let's encrypt。
然而,配置后,https://www.myapp.io 不工作:www.myapp.io redirected you too many times. ERR_TOO_MANY_REDIRECTS。
下面是/etc/nginx/sites-enabled/myapp.io,有谁知道哪里错了?
server {
listen 80;
server_name myapp.io www.myapp.io;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name myapp.io www.myapp.io;
ssl_certificate /etc/letsencrypt/live/myapp.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/myapp.io/privkey.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:EC$
ssl_session_timeout 1d;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security max-age=15768000;
location ~ /.well-known {
allow all;
}
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_set_header Proxy "";
proxy_pass https://127.0.0.1:3000;
}
}
(我没有放ssl_session_cache shared:SSL:50m;,因为/etc/nginx/nginx.conf里已经有ssl_session_cache shared:SSL:10m;了。)
添加 ssl 之前的配置文件,有效:
server {
listen 80;
server_name myopp.io *.myopp.io;
location / {
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_set_header Proxy "";
proxy_pass http://127.0.0.1:3000;
}
}
PS: 该站点是通过 cloudflare 管理的,目前 clouldflare 上的 SSL 设置是Flexible,不知道要不要改
正如@dave_thompson_085 在他的评论中建议的那样,在 Cloudflare 中将 Flexible 更改为 Full 将使 https://www.myapp.io 可访问...