Nginx: forcing HTTP to redirect to HTTPS turns the interface's POST requests into GET

Source: Internet
Author: User

When the company prepared to switch from HTTP to HTTPS, it required that HTTP be forcibly redirected to HTTPS. I searched online, and the methods basically come down to the following.

Configure this inside the server block:

rewrite ^(.*)$ https://$host$1 permanent;

or configure this inside the server block:

return 301 https://$server_name$request_uri;

or configure an if inside the server block; this applies when multiple domain names need to be configured:

if ($host ~* "^wangshibo.com$") {
    rewrite ^/(.*)$ https://dev.wangshibo.com/ permanent;
}

or configure this inside the server block:

error_page 497 https://$host$uri?$args;

With any of the above methods, site access works without problems and the redirect is fine.


After the configuration succeeded, we were ready to change the address of the app interface to HTTPS, and that is where a problem appeared.

Troubleshooting showed that, first, GET requests did receive their data, while POST requests delivered no data. I added $request_body to the Nginx log and found that no parameters were coming in; looking at the front of the log line, the POST had become a GET. That was the key to the problem.

Searching online showed that the 301 was the cause. Replacing it with 307 resolved the problem.

301 Moved Permanently
The requested resource has been permanently moved to a new location, and any future references to this resource should use one of several URIs returned by this response

307 Temporary Redirect
The requested resource is now temporarily responding to requests from different URIs. Because such redirects are temporary, the client should continue to send subsequent requests to the original address

As we can see from the above, 301 jumps are permanent redirects, while 307 are temporary redirects. This is the difference between the 301 jump and the 307 jump


If the definitions above are not very clear, here is the difference put simply and directly:


return 307 https://$server_name$request_uri;


307: For a POST request, the request has not been processed, and the client should re-initiate the POST request to the URI in the Location header.

Changing to a 307 status code enforces the requirement that the original request method must not be changed.
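One way to spot this symptom in an access log, as an added example that is not part of the original article: it pairs each POST answered with 301/302/303 with the follow-up GET from the same client for the same URI. It assumes nginx's default combined log format with both requests written to the same file; the function name and the sample lines are constructed for illustration.

```python
import re
from collections import namedtuple

# Assumes nginx's default "combined" log format; the page's own log_format is not shown.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '
)
# Status codes on which clients commonly rewrite POST to GET (307 keeps the method).
METHOD_CHANGING = {"301", "302", "303"}

Downgrade = namedtuple("Downgrade", "ip uri status time")


def find_post_downgrades(lines):
    """Find POSTs answered with 301/302/303 whose follow-up request from the
    same client for the same URI arrived as GET, i.e. the body was dropped."""
    pending = {}  # (ip, uri) -> (status, time) of a redirected POST
    found = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # ignore lines that are not in the expected format
        key = (m["ip"], m["uri"])
        if m["method"] == "POST" and m["status"] in METHOD_CHANGING:
            pending[key] = (m["status"], m["time"])
        elif key in pending:
            status, when = pending.pop(key)
            if m["method"] == "GET":
                found.append(Downgrade(m["ip"], m["uri"], status, when))
    return found


# Constructed sample lines (not from the original page).
SAMPLE_LOG = [
    '10.0.0.5 - - [12/Mar/2018:10:00:01 +0800] "POST /api/login HTTP/1.1" 301 185 "-" "okhttp/3.9.0"',
    '10.0.0.5 - - [12/Mar/2018:10:00:01 +0800] "GET /api/login HTTP/1.1" 200 42 "-" "okhttp/3.9.0"',
    '10.0.0.7 - - [12/Mar/2018:10:00:02 +0800] "POST /api/order HTTP/1.1" 307 0 "-" "okhttp/3.9.0"',
    '10.0.0.7 - - [12/Mar/2018:10:00:02 +0800] "POST /api/order HTTP/1.1" 200 17 "-" "okhttp/3.9.0"',
    '10.0.0.9 - - [12/Mar/2018:10:00:03 +0800] "GET /index.html HTTP/1.1" 301 185 "-" "Mozilla/5.0"',
    'not an access log line',
]

if __name__ == "__main__":
    for d in find_post_downgrades(SAMPLE_LOG):
        print(f"{d.time} {d.ip} POST {d.uri} -> {d.status} -> GET (body lost)")
```
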


The following configuration lets ports 80 and 443 coexist.

Both ports are configured in one server block, with ssl added after port 443 on the listen directive. Comment out ssl on, as follows:

server {
    listen 80;
    listen 443 ssl;
    server_name testapp.***.com;
    root /data/vhost/test-app;
    index index.html index.htm index.shtml index.php;

    #ssl on;
    ssl_certificate /usr/local/nginx/https/***.crt;
    ssl_certificate_key /usr/local/nginx/https/***.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    error_page 404 /404.html;

    location ~ [^/]\.php(/|$) {
        fastcgi_index index.php;
        include fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
        #include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    access_log /data/logs/nginx/access.log access;
    error_log /data/logs/nginx/error.log crit;
}


Two-server notation:

server {
    listen 80;
    server_name testapp.***.com;
    # "permanent" sends a 301
    rewrite ^(.*) https://$server_name$1 permanent;
}

server {
    listen 443;
    server_name testapp.***.com;
    root /data/vhost/test-app;
    index index.html index.htm index.shtml index.php;

    ssl on;
    ssl_certificate /usr/local/nginx/https/***.crt;
    ssl_certificate_key /usr/local/nginx/https/***.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
    ssl_prefer_server_ciphers on;
    ssl_session_cache shared:SSL:10m;
    error_page 404 /404.html;

    location ~ [^/]\.php(/|$) {
        fastcgi_index index.php;
        include fastcgi.conf;
        fastcgi_pass 127.0.0.1:9000;
        #include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    }
    access_log /data/logs/nginx/access.log access;
    error_log /data/logs/nginx/error.log crit;
}

Some SSL optimizations follow. Use them according to what the business needs; not all of them have to be configured. Generally, configuring the part marked in red is enough.

ssl on;
ssl_certificate /usr/local/https/www.localhost.com.crt;
ssl_certificate_key /usr/local/https/www.localhost.com.key;

# Note: TLSv1 and TLSv1.1 are deprecated (RFC 8996), and RC4 is prohibited in TLS (RFC 7465).
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;  # allow only TLS protocols
ssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;  # cipher suites; this uses CloudFlare's Internet facing SSL cipher configuration
ssl_prefer_server_ciphers on;  # the server negotiates the best cipher
ssl_session_cache builtin:1000 shared:SSL:10m;  # session cache; sessions are cached on the server, which may consume more server resources
ssl_session_tickets on;  # enable the browser's session ticket cache
ssl_session_timeout 10m;  # SSL session expiration time
ssl_stapling on;  # OCSP stapling on; OCSP is a service for querying certificate revocation online, and OCSP stapling caches the certificate's validity state on the server, which speeds up the TLS handshake
ssl_stapling_verify on;  # enable OCSP stapling verification
resolver 8.8.8.8 8.8.4.4 valid=300s;  # DNS servers used to look up the OCSP server
resolver_timeout 5s;  # DNS lookup timeout


