{"id":7488,"date":"2018-05-29T10:39:13","date_gmt":"2018-05-29T02:39:13","guid":{"rendered":"http:\/\/rmohan.com\/?p=7488"},"modified":"2018-05-29T10:39:13","modified_gmt":"2018-05-29T02:39:13","slug":"ngxin-environment-it-requires-http-to-force-a-jump-to-https","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7488","title":{"rendered":"Ngxin environment. It requires http to force a jump to https"},"content":{"rendered":"

The company intends to replace http with https in the Ngxin environment. It requires http to force a jump to https.\u00a0This search on the Internet, the basic summary
\nConfigure rewrite ^(.*)$ https:\/\/$host$1 permanent;<\/p>\n

Or in the server configuration return 301 https:\/\/$server_name$request_uri;<\/p>\n

Or in the server with if, here refers to the need to configure multiple domain names<\/p>\n

If ($host ~* “^rmohan.com$”) {<\/p>\n

Rewrite ^\/(.*)$ https:\/\/dev.rmohan.com\/ permanent;<\/p>\n

}<\/p>\n

Or in the server configuration error_page 497 https:\/\/$host$uri?$args;<\/p>\n

Basically on the above several methods, website visit is no problem, jump is ok<\/p>\n

After the configuration is successful, prepare to change the address of the APP interface to https. This is a problem.<\/p>\n

The investigation found that the first GET request is to receive information, POST pass in the past is no information, I configure the $ request_body in the nginx log, the log inside that does not come with parameters, view the front of the log, POST changed Become a GET.\u00a0Finding the key to the problem<\/p>\n

Through the online search, the discovery was caused by 301.\u00a0Replaced by 307 problem solving.<\/p>\n

301 Moved Permanently The
\nrequested resource has been permanently moved to a new location, and any future references to this resource should use one of several URIs returned by this response<\/p>\n

307 Temporary Redirect The
\nrequested resource now temporarily responds to requests from different URIs.\u00a0Because such redirection is temporary, the client should continue to send future requests to the original address.<\/p>\n

From the above we can see that 301 jump is a permanent redirect, and 307 is a temporary redirect.\u00a0This is the difference between 301 jumps and 307 jumps.<\/p>\n

The above may not look very clear, simple and straightforward to express the difference:<\/p>\n

Return 307 https:\/\/$server_name$request_uri;<\/p>\n

307: For a POST request, indicating that the request has not yet been processed, the client should re-initiate a POST request to the URI in Location.<\/p>\n

Change to the 307 status code to force the request to change the previous method.<\/p>\n

The following configuration 80 and 443 coexist:<\/p>\n

Need to be configured in a server, 443 port plus ssl.\u00a0Comment out ssl on;, as follows:<\/p>\n

Server{
\nlisten 80;
\nlisten 443 ssl;
\nserver_name testapp.***.com;
\nroot \/data\/vhost\/test-app;
\nindex index.html index.htm index.shtml index.php;
\n#ssl on;
\nssl_certificate \/usr\/local\/nginx\/https\/***.crt;
\nssl_certificate_key \/usr\/local\/nginx\/https\/***.key;
\nssl_session_timeout 5m;
\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;
\nssl_ciphers ECDHE -RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
\nssl_prefer_server_ciphers on
\nssl_session_cache shared:SSL:10m;
\nerror_page 404 \/404. Html;
\nLocation ~ [^\/]\\.php(\/|$) {
\nfastcgi_index index.php;
\ninclude fastcgi.conf;
\nfastcgi_pass 127.0.0.1:9000;
\n#include fastcgi_params;
\nfastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
\n}
\naccess_log \/data\/logs\/ Nginx\/access.log access;
\nerror_log \/data\/logs\/nginx\/error.log crit;
\n}<\/p>\n

The two server wording:<\/p>\n

Server{
\nlisten 80;
\nserver_name testapp.***.com;
\nrewrite ^(.*) https:\/\/$server_name$1 permanent;
\n}<\/p>\n

Server{
\nlisten 443;
\nserver_name testapp.***.com;
\nroot \/data\/vhost\/test-app;
\nindex index.html index.htm index.shtml index.php;
\nSsl on;
\nssl_certificate \/usr\/local\/nginx\/https\/***.crt;
\nssl_certificate_key \/usr\/local\/nginx\/https\/***.key;
\nssl_session_timeout 5m;
\nssl_protocols TLSv1 TLSv1.1 TLSv1.2;
\nssl_ciphers ECDHE- RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!AESGCM;
\nssl_prefer_server_ciphers on
\nssl_session_cache shared:SSL:10m;
\nerror_page 404 \/404.html ;
\nLocation ~ [^\/]\\.php(\/|$) {
\nfastcgi_index index.php;
\ninclude fastcgi.conf;
\nfastcgi_pass 127.0.0.1:9000;
\n#include fastcgi_params;
\nfastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
\n}
\naccess_log \/data\/logs\/ Nginx\/access.log access;
\nerror_log \/data\/logs\/nginx\/error.log crit;
\n}<\/p>\n

Offer ssl optimization, the following can be used according to business, not all configuration, the general configuration of the red part on the line<\/p>\n

Ssl on;
\nssl_certificate \/usr\/local\/https\/www.localhost.com.crt;
\nssl_certificate_key \/usr\/local\/https\/www.localhost.com.key;<\/p>\n

Ssl_protocols TLSv1 TLSv1.1 TLSv1.2; #allows only TLS protocol
\nssl_ciphers ECDHE-RSA-AES256-SHA384:AES256-SHA256:RC4:HIGH:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:! AESGCM; # cipher suite, here used CloudFlare’s Internet facing SSL cipher configurationssl_prefer_server_ciphers on; # negotiated the best encryption algorithm for the server ssl_session_cache builtin: 1000 shared: SSL: 10m;
\n# Session Cache, the Session cache to the server, which may take up More server resources ssl_session_tickets on; # Open the browser’s Session Ticket cache ssl_session_timeout 10m; # SSL session expiration time ssl_stapling on;
\n# OCSP Stapling is ON, OCSP is a service for online query certificate revocation, using OCSP Stapling can certificate The valid state information is cached to the server to increase the TLS handshake speed ssl_stapling_verify on; #OCSP Stapling verification opens the resolver 8.8.8.8 8.8.4.4 valid=300s; # is used to query the DNS resolver_timeout 5s of the OCSP server; # query domain timeout time<\/p>\n","protected":false},"excerpt":{"rendered":"

The company intends to replace http with https in the Ngxin environment. It requires http to force a jump to https. This search on the Internet, the basic summary Configure rewrite ^(.*)$ https:\/\/$host$1 permanent;<\/p>\n

Or in the server configuration return 301 https:\/\/$server_name$request_uri;<\/p>\n

Or in the server with if, here refers to the need to configure […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[70],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7488"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7488"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7488\/revisions"}],"predecessor-version":[{"id":7489,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7488\/revisions\/7489"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7488"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7488"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7488"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}