Nginx http跳转到https,接口POST请求变成GET问题解决,跨域处理

引起这个问题的原因是“永久重定向和临时重定向”

301 Moved Permanently
被请求的资源已永久移动到新位置,并且将来任何对此资源的引用都应该使用本响应返回的若干个 URI 之一

307 Temporary Redirect
请求的资源现在临时从不同的URI 响应请求。由于这样的重定向是临时的,客户端应当继续向原有地址发送以后的请求

两种配置方式,如果是前端网站http需要永久跳转到https访问,使用如下方式配置;例如访问

http://www.xxx.com  ====> https://www.xxx.com,后续访问其他该网站页面都是https协议,此时按此方式配置

# www.xxx.com
upstream front_server {
    server 172.16.152.198:30002;
    server 172.16.152.199:30002;
    server 172.16.152.200:30002;
}

server {
    listen 80;
    server_name www.xxx.com;
    rewrite ^(.*) https://${server_name}$1 permanent;
}

server {
    listen 443 ssl;
    server_name www.xxx.com;
    ssl_certificate   cert/xxxxxxxx.pem;
    ssl_certificate_key  cert/xxxxxxxxxxx.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/www.xxx.com_access.log;
    error_log /var/log/nginx/www.xxx.com_error.log;

    location / {
        proxy_redirect off;
        proxy_set_header host $host;
        proxy_set_header x-real-ip $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_pass http://front_server;
    }
}

如果是服务端API的域名,不涉及到后续永久重定向问题,每次请求http是临时重定向到https访问

例如:http://www.xxx.com/api/order/list  ===> https://www.xxx.com/api/order/list

配置方式如下:

# www.xxx.com.conf
upstream backend_server {
    server 172.16.152.198:30001;
    server 172.16.152.199:30001;
    server 172.16.152.200:30001;
}

server {
    listen 80;
    server_name www.xxx.com;
    return 307 https://$server_name$request_uri;
}

server {
    listen 443 ssl;
    server_name www.xxx.com;
    ssl_certificate   cert/xxxxxxxxx.pem;
    ssl_certificate_key  cert/xxxxxxxxxxxx.key;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    access_log /var/log/nginx/www.xxx.com_access.log;
    error_log /var/log/nginx/www.xxx.com_error.log;

    location / {
        #跨域
        add_header Access-Control-Allow-Origin * always;
        add_header Access-Control-Allow-Credentials true;
        add_header Access-Control-Max-Age 7200;
        add_header Access-Control-Allow-Methods * always;
        add_header Access-Control-Allow-Headers * always;

        #预检请求直接返回204(no content)
        if ($request_method = OPTIONS){
            return 204;
        }

        proxy_redirect off;
        proxy_set_header host $host;
        proxy_set_header x-real-ip $remote_addr;
        proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
        proxy_pass http://backend_server;
    }
}

你可能感兴趣的:(Linux,https,nginx,http)