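@[TOC](Nginx rewrite module: redirecting HTTP to HTTPS, Section 8)
ngx_http_rewrite_module (see the examples below)
[flag]:
- last: after the rewrite, stop processing any further rewrite directives for the current URI in the current location, then start a new round of rewrite checks against the new URI; this restarts the loop early and is not recommended inside a location
- break: after the rewrite, stop processing any further rewrite directives for the current URI in the current location, then continue directly with the other directives that follow the rewrite rule block; this ends the loop and is recommended inside a location
- redirect: temporary redirect; after the rewrite, the newly generated URI is returned directly to the client as a temporary redirect and the client issues a new request; the target may be a relative path or start with http:// or https://; this redirect is not cacheable; status code: 302
- permanent: after the rewrite, the newly generated URI is returned directly to the client as a permanent redirect and the client issues a new request; this redirect is cacheable; status code: 301
Lab: rewrite
Example 1: last
Requests for test1 are rewritten to test2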
nginx10
```
[root@nginx10 ~]# vim /apps/nginx/conf/nginx.conf
location /echo {
    default_type text/plain;
    echo hello;
    if ( $scheme = http ) {
        echo http;
    }
}
location /test {
    index index.html;
    default_type text/html;
}
# The /test1 and /test2 locations are the ones added for this example
location /test1 {
    rewrite ^/test1/(.*)$ /test2/$1 last;   # requests for test1 are rewritten to test2
}
location /test2 {
    default_type text/html;
    echo test2;                             # test2 prints one line
}
location / {
    root html;
    index index.html index.htm;
}
[root@nginx10 ~]# nginx -s reload
```
centos6
```
[root@centos6 ~]$ curl http://192.168.37.10/test1/
test2
[root@centos6 ~]$ curl http://www.test.com/test1/
test2
```
Example 2: break (one rewrite is enough; no bouncing back and forth)
nginx10
```
#break
[root@nginx10 ~]# vim /apps/nginx/conf/nginx.conf
...
location /hn {
    rewrite ^/hn/(.*)$ /henan/$1 break;
}
location /henan {
    rewrite ^/henan/(.*)$ /hn/$1 break;
    default_type text/html;
    echo henan;
}
...
[root@nginx10 ~]# mkdir /apps/nginx/html/henan/
[root@nginx10 ~]# echo /apps/nginx/html/henan/index.html > /apps/nginx/html/henan/index.html
[root@nginx10 ~]# nginx -s reload
```
centos6
```
[root@centos6 ~]$ curl http://192.168.37.10/hn/
henan
[root@centos6 ~]$ curl http://www.test.com/hn/
henan
```
Example 3: permanent (permanent redirect)
nginx
```
[root@nginx10 ~]# vim /apps/nginx/conf/nginx.conf
...
location /hn {
    rewrite ^/hn/(.*)$ /henan/$1 break;
}
location /henan {
    rewrite ^/henan/(.*)$ /hn/$1 permanent;   # permanent (permanent redirect)
    default_type text/html;
    echo henan;
}
...
[root@nginx10 ~]# nginx -s reload
```
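The flag list above advises against `last` inside a location and recommends `break`. The following added example (not from the original post; the paths /a, /b, /c and /d are hypothetical) shows the failure mode behind that advice: two locations that rewrite into each other with `last`, next to the same pair using `break`.

```nginx
# Added example, hypothetical paths.

# Mutual rewrites with "last": every rewrite restarts location matching
# with the new URI, so the request bounces between the two locations.
location /a {
    rewrite ^/a/(.*)$ /b/$1 last;    # /a/x -> /b/x, then match locations again
}
location /b {
    rewrite ^/b/(.*)$ /a/$1 last;    # /b/x -> /a/x, then match locations again
}
# nginx stops after 10 cycles, answers 500 and writes to the error log:
#   rewrite or internal redirection cycle while processing "..."

# The same pair with "break": the URI is rewritten once and the request
# stays in the location that matched first, so no cycle is possible.
location /c {
    rewrite ^/c/(.*)$ /d/$1 break;   # /c/x is served as /d/x from inside location /c
}
location /d {
    rewrite ^/d/(.*)$ /c/$1 break;   # only reached by requests that arrive as /d/...
}
```

A 500 response together with that error-log line is the signature to look for when a rewrite rule set has been changed and requests start failing.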
rewrite in production
- Requirement: redirect http:// requests to https://
- Production example
```
location / {
    if ($scheme = http ) {
        rewrite / https://www.magedu.net/ redirect;
    }
}
```
Lab: redirect
nginx
```
[root@nginx ~]# vim /etc/nginx/conf.d/test.conf
server_tokens off;
server {
    listen 80;
    listen 443 ssl;
    server_name www.a.net;
    root /data/site1/;
    ssl_certificate /etc/nginx/ssl/a.net.crt;
    ssl_certificate_key /etc/nginx/ssl/a.net.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_net.access.log access_json;
    # The location block below is what this lab adds
    location / {
        if ( $scheme = http ) {                              # if condition check
            rewrite ^/(.*)$ https://www.a.net/$1 redirect;
        }
    }
}
server {
    listen 80;
    server_name *.a.tech;
    root /data/site2/;
}
[root@nginx ~]# nginx -s reload
```
centos6
```
# -L follows redirects, -k skips certificate verification
[root@centos6 ~]$ curl -IL -k http://www.a.net/
HTTP/1.1 302 Moved Temporarily
Server: nginx
Date: Tue, 09 Aug 2022 19:32:44 GMT
Content-Type: text/html
Content-Length: 138
Connection: keep-alive
Location: https://www.a.net/
HTTP/1.1 200 OK
Server: nginx
Date: Tue, 09 Aug 2022 19:32:44 GMT
Content-Type: text/html
Content-Length: 23
Last-Modified: Mon, 08 Aug 2022 18:27:36 GMT
Connection: keep-alive
ETag: "62f15598-17"
Accept-Ranges: bytes
# Success
[root@centos6 ~]$ curl -L -k http://www.a.net/
/data/site1/index.html
```
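A common alternative to the `if ( $scheme = http )` rewrite, added here as an example and not part of the original lab: a port-80 server that does nothing but redirect, plus an HSTS header on the TLS server. The host name, paths and the access_json log format come from the lab above; the max-age value is an assumption.

```nginx
# Added example. Port 80 only redirects; no content is ever served over HTTP.
server {
    listen 80;
    server_name www.a.net;
    # The target host is written out instead of taken from $host, so a forged
    # Host header cannot steer the Location header to another site.
    # $request_uri keeps the original path and query string.
    # 301 is cacheable, so returning clients skip the plaintext round trip.
    return 301 https://www.a.net$request_uri;
}

server {
    listen 443 ssl;
    server_name www.a.net;
    root /data/site1/;
    ssl_certificate     /etc/nginx/ssl/a.net.crt;
    ssl_certificate_key /etc/nginx/ssl/a.net.key;
    ssl_session_cache   shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_net.access.log access_json;

    # HSTS: browsers that have seen this header go straight to HTTPS for
    # max-age seconds (value assumed here). "always" also sets it on error
    # responses. Browsers ignore the header when the certificate is not
    # trusted, so it has no effect with the self-signed lab certificate.
    add_header Strict-Transport-Security "max-age=31536000" always;
}
```

After a reload, `curl -I http://www.a.net/` should show a 301 whose Location starts with https://www.a.net, and `curl -Ik https://www.a.net/` should show the Strict-Transport-Security header.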
Two IPs, distinguished by host header
nginx
```
[root@nginx ~]# vim /etc/nginx/conf.d/test.conf
server_tokens off;
server {
    listen 80;
    listen 443 ssl;
    server_name www.a.net;
    root /data/site1/;
    ssl_certificate /etc/nginx/ssl/a.net.crt;
    ssl_certificate_key /etc/nginx/ssl/a.net.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_net.access.log access_json;
    location / {
        if ( $scheme = http ) {
            rewrite ^/(.*)$ https://www.a.net/$1 redirect;
        }
    }
}
server {
    listen 80;
    listen 443 ssl;
    server_name www.a.org;
    root /data/site2/;
    ssl_certificate /etc/nginx/ssl/a.org.crt;
    ssl_certificate_key /etc/nginx/ssl/a.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_org.access.log access_json;
}
```
```
[root@nginx ~]# cd /etc/pki/tls/certs/
[root@nginx certs]# vim Makefile
···
%.key:
	# /usr/bin/openssl genrsa -aes128 $(KEYLEN) > $@   # original line, commented out; kept above "umask" so the "\" continuation still applies to the new command
	umask 77 ; \
	/usr/bin/openssl genrsa $(KEYLEN) > $@   # added line: key is generated without a passphrase
···
[root@nginx certs]# make a.org.crt
umask 77 ; \
/usr/bin/openssl req -utf8 -new -key a.org.key -x509 -days 365 -out a.org.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:CN
State or Province Name (full name) []:beijing
Locality Name (eg, city) [Default City]:beijing
Organization Name (eg, company) [Default Company Ltd]:a.org
Organizational Unit Name (eg, section) []:opt
Common Name (eg, your name or your server's hostname) []:www.a.org
Email Address []:
# Inspect the self-signed certificate
[root@nginx certs]# openssl x509 -in a.org.crt -noout -text
# Move the files to the target directory
[root@nginx certs]# mv a.org.* /etc/nginx/ssl/
# Set permissions to 600
[root@nginx certs]# chmod 600 /etc/nginx/ssl/*
[root@nginx ~]# nginx -s reload
```
centos6
Remember to update /etc/hosts: '192.168.37.7 www.a.org'
```
[root@centos6 ~]$ curl http://www.a.org/
/data/site2/index.html
```
Lab: redirect http to https
If the page the user requests does not exist, redirect to a specified page
nginx
```
[root@nginx certs]# vim /etc/nginx/conf.d/test.conf
server_tokens off;
server {
    listen 80;
    listen 443 ssl;
    server_name www.a.net;
    root /data/site1/;
    ssl_certificate /etc/nginx/ssl/a.net.crt;
    ssl_certificate_key /etc/nginx/ssl/a.net.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_net.access.log access_json;
    location / {
        if ( !-e $request_filename ) {                      # if the requested page does not exist
            rewrite ^/(.*)$ https://www.a.net/ redirect;    # redirect to the specified page
        }
    }
}
server {
    listen 80;
    listen 443 ssl;
    server_name www.a.org;
    root /data/site2/;
    ssl_certificate /etc/nginx/ssl/a.org.crt;
    ssl_certificate_key /etc/nginx/ssl/a.org.key;
    ssl_session_cache shared:sslcache:20m;
    ssl_session_timeout 10m;
    access_log /var/log/nginx/a_org.access.log access_json;
}
```