Nginx enforces HTTPS access (HTTP jumps to HTTPS)


Requirements Introduction

The company is building an app, but the Apple App Store requires that after January 1, 2017 every site the app connects to must be SSL encrypted, so the company had to apply for and purchase an SSL certificate. Ordinary users, however, still reach the site on port 80, and without a redirect their requests to port 80 fail. The three methods below deal with that. In my case, http://www.jinglianwang.cn redirects to https://www.jinglianwang.cn.


First, Nginx rewrite method


Ideas

This is probably the first method most people think of: use the rewrite directive to send every HTTP request to HTTPS.

Configuration

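server {
    # Listen address as published by the author; 127.0.0.1 accepts only local connections
    listen 127.0.0.1:80;
    server_name www.jinglianwang.cn;
    # Send every request to the same host and path over HTTPS with a 301
    rewrite ^(.*)$ https://$host$1 permanent;
}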

You also need to add a server block for port 443:

server {
    listen 443;
    server_name www.jinglianwang.cn;
    # "ssl on;" is obsolete since nginx 1.15.0 and removed in 1.25.1; newer versions use "listen 443 ssl;"
    ssl on;
    ssl_certificate server.pem;
    ssl_certificate_key server.key;
    ssl_session_timeout 5m;
    # Enabling TLS 1.1 and TLS 1.2 requires OpenSSL 1.0.1 or later; if your OpenSSL version is older, use ssl_protocols TLSv1;
    # TLSv1 and TLSv1.1 have since been deprecated (RFC 8996)
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM;
    ssl_prefer_server_ciphers on;
    # Company-specific configuration omitted
}

Once this configuration is in place, all http://www.jinglianwang.cn requests are rewritten to https://www.jinglianwang.cn.

Second, Nginx 497 status code

Error code 497

497: a normal (plain HTTP) request was sent to the HTTPS port

Explanation: when a virtual site allows only HTTPS access, Nginx reports error code 497 if it is accessed over HTTP.

Ideas

Use the error_page directive to redirect requests that produce the 497 status code to https://www.jinglianwang.cn.

Configuration

server {
    listen www.jinglianwang.cn:443;  # SSL port
    # Users habitually use http, so also listen on 80; the 497 status code then jumps automatically to port 443
    listen www.jinglianwang.cn:80;
    server_name test.com;
    # Turn on SSL support for this server {...}; it applies to both listen
    # sockets, which is why a plain HTTP request on port 80 produces 497
    ssl on;
    # Certificate file in PEM format
    ssl_certificate /etc/nginx/server.pem;
    # Private key file in PEM format
    ssl_certificate_key /etc/nginx/server.key;
    # Redirect HTTP requests to HTTPS
    error_page 497 https://$host$uri?$args;
}

(This is not recommended)


Third, index.html page refresh


Ideas

Both of the methods above consume server resources. Let's use curl to access baidu.com and see how Baidu implements the jump from baidu.com to www.baidu.com.


As you can see, Baidu cleverly uses a meta refresh to send baidu.com to www.baidu.com. So for http://www.jinglianwang.cn we can likewise put an index.html under the virtual host path whose content performs the HTTP-to-HTTPS jump.

index.html

<html>
<meta http-equiv="refresh" content="0;url=https://www.jinglianwang.cn/">
</html>


Nginx Virtual Host Configuration


server {
    listen 127.0.0.1:80;
    server_name www.jinglianwang.cn;
    location / {
        # index.html is placed in the root directory served by this virtual host
        root /jinglian/;
    }
    # Redirect 404 pages to the HTTPS home page
    error_page 404 https://www.jinglianwang.cn/;
}


The 443 configuration is the same as above and is not repeated here.
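An added example, not part of the original post: a Python check that classifies the response a client gets on port 80 under each of the three configurations above and flags what the redirect loses. The sample responses are constructed from those configurations, assuming nginx's default 302 for an error_page that points at a URL; `classify` and its problem strings are names made up for this example.

```python
import re
from urllib.parse import urlsplit

# Matches <meta http-equiv="refresh" content="N;url=..."> and captures the URL.
META_REFRESH = re.compile(
    r'<meta[^>]+http-equiv\s*=\s*["\']?refresh["\']?[^>]*'
    r'content\s*=\s*["\']\s*\d+\s*;\s*url=([^"\'>]+)', re.IGNORECASE)

def classify(request_url, status, headers, body=""):
    """Classify one response to a plain-HTTP request: (mechanism, target, problems)."""
    req = urlsplit(request_url)
    headers = {k.lower(): v for k, v in headers.items()}
    problems = []
    if status in (301, 302, 307, 308) and "location" in headers:
        mechanism, target = "http-redirect", headers["location"]
        if status in (302, 307):
            problems.append("temporary redirect")
    else:
        match = META_REFRESH.search(body) if status == 200 else None
        if not match:
            return ("none", None, ["no redirect to HTTPS"])
        mechanism, target = "meta-refresh", match.group(1)
        problems.append("client-side only: clients that do not render HTML stay on HTTP")
    dst = urlsplit(target)
    if dst.scheme != "https":
        problems.append("target is not https")
    if dst.hostname != req.hostname:
        problems.append("host changed")
    if (dst.path or "/") != (req.path or "/") or dst.query != req.query:
        problems.append("path or query not preserved")
    return (mechanism, target, problems)

# Constructed sample responses (not captured traffic), one per configuration above.
HOST = "www.jinglianwang.cn"
SAMPLES = {
    "rewrite ... permanent": (f"http://{HOST}/a/b?x=1", 301,
                              {"Location": f"https://{HOST}/a/b?x=1"}, ""),
    "error_page 497": (f"http://{HOST}/a/b?x=1", 302,
                       {"Location": f"https://{HOST}/a/b?x=1"}, ""),
    "index.html refresh": (f"http://{HOST}/", 200, {},
        f'<html><meta http-equiv="refresh" content="0;url=https://{HOST}/"></html>'),
    "error_page 404": (f"http://{HOST}/a/b?x=1", 302,
                       {"Location": f"https://{HOST}/"}, ""),
}

if __name__ == "__main__":
    for name, sample in SAMPLES.items():
        print(name, "->", classify(*sample))
```

To use it against a real deployment, feed `classify` the status, headers and body of a request made with redirects disabled.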


Postscript

(1) All three methods above make Nginx force HTTP requests over to HTTPS; weigh their pros and cons and choose according to your actual needs.

(2) My blog is written for readers who already have some background. When using it as a reference you must adapt it to your own situation; for project security reasons I have restricted many of the configurations, so do not copy them blindly!


This article is from the "Army Brother blog"; please contact the author before reproducing it!
