【无标题】

实现 HSTS

add_header Strict-Transport-Security “max-age=31536000;includeSubDomains” always; 配合rewrite

root@server01:/apps/nginx/conf/conf.d# cat zabbix.luohuiwen.top 
server {
    listen  8822;
    listen 443 ssl;
    add_header Strict-Transport-Security "max-age=31536000;includeSubDomains" always;
    ssl_certificate /apps/nginx/conf/cert/a.crt;
    ssl_certificate_key  /apps/nginx/conf/cert/zabbix.luohuiwen.top.key;
    server_name zabbix.luohuiwen.top;
    location / {
        root /apps/nginx/html/pc;
	if ( $scheme = http ) {
		rewrite ^/(.*)$ https://120.77.146.92:443/$1 redirect;
			}
	}
    location /t  {
	alias /apps/nginx/html/test;
	}
    location ^~ /about/  {
	root /opt/pc/aaa/;
	}
    location ~* /luo/  {
	alias /opt/pc/luo/;
	}
}

测试

 curl -k   -L -v  http://120.77.146.92:8822/

-k 不校验证书
-L  跟踪跳转

openssl升级

https://www.openssl.org/source/openssl-3.0.10.tar.gz
tar -xf openssl-3.0.10.tar.gz
重新编译添加–with-openssl=/usr/local/src/openssl-3.0.10

rewrite

地址重写

return

        location /baidu {
        return http://www.jd.com/;
    }

location /t  {
alias /apps/nginx/html/test;
if ( $scheme = http ) {
	rewrite ^/(.*)$ https://120.77.146.92:443/$1 redirect;
#	return  https://120.77.146.92:443/;
		}
}



 location /test  {
    rewrite .*  /about redirect;
}
        location  /bj {
            rewrite ^/bj/(.*)$   /beging/$1 break;
访问bj/index.html 跳转到beging/index.html
root@server01:/apps/nginx/conf/conf.d# curl -L -k   120.77.146.92:8889/bj/index.html
/apps/nginx/html/mobile/beging

在NGINX中,rewrite和return是两个不同的指令用于URL重写和请求处理。

  1. rewrite:rewrite指令用于修改请求URL。它可以通过正则表达式匹配请求的URL,并根据需要对其进行修改。重写后的URL可以是内部的或外部的。内部重写会在服务器内部重定向请求到新的URL,而对于外部重写,服务器会向客户端返回一个重定向响应。

  2. return:return指令用于在特定条件下直接返回响应。它可以用来中断请求处理流程并返回指定的HTTP状态码和相应的响应内容。return通常用于实现简单的重定向、拒绝访问等请求处理逻辑。

简而言之,rewrite用于修改URL并处理重定向,而return用于直接返回响应,可以实现简单的重定向和请求拒绝。

last 和break

last 匹配一个location 还还会往后匹配,可能造成循环, 地址不会变化,内容变化,301 302 地址会变
last: 匹配后再匹配后面的
stops processing the current set of ngx_http_rewrite_module directives and starts a search for a new location matching the changed URI;
break:停止匹配后面的ngx_http_rewrite_module 模块指令
stops processing the current set of ngx_http_rewrite_module directives as with the break directive;
redirect
returns a temporary redirect with the 302 code; used if a replacement string does not start with “http://”, “https://”, or “$scheme”;
permanent
returns a permanent redirect with the 301 code.

http跳转https

location / {
    root /apps/nginx/html/pc/;
    index index.html;
    if ($scheme = http ){
            rewrite / https://$host redirect;
    }

方法二

        if ($scheme = http ){
        return 301 https://zabbix.luo.com$request_uri;
        }

【无标题】_第1张图片

3种方法转换为https
        if ($scheme = http ){
		#rewrite / https://$host redirect;
                rewrite ^(.*)$ https://$host/$1 break;
		#return 301 https://zabbix.luo.com$request_uri;

不存在跳转到指定页面
if (!-e $request_filename) {
return 301 /index.html;

    }

你可能感兴趣的:(nginx)