Gyara An aika buƙatun HTTP bayyananne zuwa tashar HTTPS Kuskure a cikin Nginx


A cikin wannan labarin, za mu nuna yadda za a warware \Mummunan Buƙatar 400: An aika buƙatun HTTP a fili zuwa tashar HTTPS a cikin uwar garken Nginx HTTP. Wannan kuskuren yakan taso lokacin da kake ƙoƙarin saita Nginx don sarrafa buƙatun HTTP da HTTPS duka.

Don manufar wannan jagorar, muna la'akari da yanayin da nginx ke ba da sabis na shafukan yanar gizo da yawa da aka aiwatar ta hanyar runduna masu kama da juna a cikin Apache) gidan yanar gizon yanar gizo ɗaya ne kawai ke amfani da SSL kuma sauran ba sa.

Za mu kuma yi la'akari da samfurin SSL ɗin da ke ƙasa (mun canza ainihin sunan yankin don dalilai na tsaro), wanda ya gaya wa nginx don sauraron duka tashar jiragen ruwa 80 da 443. Kuma duk buƙatun akan HTTP ya kamata a tura su zuwa HTTPS ta tsohuwa.

server{
        listen 80;
        server_name example.com www.example.com;
        return 301 https://www.example.com$request_uri;
}
server {
        listen 443 ssl http2;
        server_name example.com www.example.com;

        root   /var/www/html/example.com/;
        index index.php index.html index.htm;

        #charset koi8-r;
        access_log /var/log/nginx/example.com/example.com_access_log;
        error_log   /var/log/nginx/example.com/example.com_error_log   error;

        # SSL/TLS configs
        ssl on;
        ssl_certificate /etc/ssl/certs/example_com_cert_chain.crt;
        ssl_certificate_key /etc/ssl/private/example_com.key;

        include /etc/nginx/ssl.d/ssl.conf;

        location / {
                try_files $uri $uri/ /index.php?$query_string;
        }

        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
                root   /var/www/html/example.com/;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        location ~ \.php$ {

                root   /var/www/html/example.com/;
                fastcgi_pass   127.0.0.1:9001;
                #fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
                fastcgi_index  index.php;
                fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
                include         fastcgi_params;
                include /etc/nginx/fastcgi_params;

        }
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
}

Yin amfani da tsarin da ke sama, da zarar abokin ciniki ya yi ƙoƙarin shiga rukunin yanar gizon ku ta tashar jiragen ruwa 80 watau http://example.com, za a nuna kuskuren da ke cikin tambaya kamar yadda yake cikin hoton allo na gaba.

Kuna fuskantar wannan kuskuren saboda duk lokacin da abokin ciniki ya yi ƙoƙarin shiga rukunin yanar gizon ku ta HTTP, ana tura buƙatar zuwa HTTPS. Saboda nginx yana tsammanin za a yi amfani da SSL a cikin ma'amala duk da haka ainihin buƙatun t (wanda aka karɓa ta tashar jiragen ruwa 80) ya kasance a fili HTTP, yana koka da kuskuren.

A gefe guda, idan abokin ciniki yana amfani da https://example.com, ba za su ci karo da kuskuren da ke sama ba. Bugu da ƙari, idan kuna da wasu gidajen yanar gizon da aka saita don kada suyi amfani da SSL, nginx zai yi ƙoƙarin amfani da HTTPS ta tsohuwa a gare su wanda ya haifar da kuskuren da ke sama.

Don gyara wannan kuskuren, sharhi fitar da layin da ke ƙasa a cikin tsarin ku ko saita shi a kashe.

#ssl on 
OR
ssl off

Ajiye kuma rufe fayil ɗin. Sannan sake kunna sabis na nginx.

# systemctl restart nginx
OR
$ sudo systemctl restart nginx

Ta wannan hanyar, zaku iya kunna nginx don sarrafa buƙatun HTTP da HTTPS don tubalan uwar garken da yawa.

A ƙarshe, a ƙasa akwai jerin labarai game da kafa SSL HTTPS akan rabawa Linux gama gari da FreeBSD.

  1. Kafa HTTPS tare da Bari Mu Encrypt SSL Certificate Don Nginx akan RHEL/CentOS
  2. Amintaccen Nginx tare da Kyauta Bari Mu Encrypt SSL Certificate akan Ubuntu da Debian
  3. Yadda ake Amintar da Nginx tare da SSL kuma Bari Mu Rufewa a cikin FreeBSD

Shi ke nan a yanzu. Idan kun san kowace hanya don magance wannan kuskure, da fatan za a sanar da mu ta hanyar amsawar da ke ƙasa.