server
{
listen 80;
server_name xxx.com www.xxx.com;
return 301 https://www.xxx.com$request_uri;
}
server
{
listen 443 ssl http2;
if ($host = xxx.com) {
return 301 https://www.xxx.com$request_uri;
}
刚好最近也做了个一样跳转。。。完全没问题yc007t
akige 发表于 2018-5-1 22:45
大佬 按照你这个配置 真的有问题 。你去测试下。我看着语法也没问题。就是不行。。。。 ...
server {
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
#RSA
ssl_certificate /root/ssl/strelizia.org_RSA.crt;
ssl_certificate_key /root/ssl/strelizia.org_RSA.key;
#ECC
ssl_certificate /root/ssl/strelizia.org_ECC.crt;
ssl_certificate_key /root/ssl/strelizia.org_ECC.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS;
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
add_header Strict-Transport-Security max-age=15768000;
ssl_stapling on;
ssl_stapling_verify on;
server_name strelizia.org www.strelizia.org;
if ($ssl_protocol = "") { return 301 https://$host$request_uri; }
if ($host != strelizia.org) {return 301 $scheme://strelizia.org$request_uri;}
对着看看 双证书部分无视即可yc003t
guoaibing 发表于 2018-5-1 23:07
server
{
listen 80;
我也是啊。。。我给的配置也是在用测试通过的。。。目测firefox缓存问题
