nginx: redirect everything from http to https, exc

2019-01-21 16:26发布

站内问答 / 移动开发
1965 2 5

I have a website which should only be reachable over HTTPS except one URL-pattern (because I have on some pages http-iframe's and I would like to avoid security warnings)

E.g. this pages should be redirected to https:
http://example.com
http://example.com/a/this-is-an-article
http://example.com/v/this-is-a-video

This pages should not be redirected to https (or should be redirected form https to http)
http://example.com/l/page-with-unsafe-iframe
http://example.com/l/other-page-with-unsafe-iframe

标签: nginx
举报
2条回答
欢心
2楼-- · 2019-01-21 17:05

You may use map and simple redirect rules, for example:

map $uri $redirect_https {
    /l/page-with-unsafe-iframe         0;
    /l/other-page-with-unsafe-iframe   0; # you can use regex here
    default                            1;
}

server {
    listen 443;

    if ($redirect_https = 0) {
       return 301 http://$server_name$request_uri;
    }

    # other code
}
server {
    listen 80;

    if ($redirect_https = 1) {
       return 301 https://$server_name$request_uri;
    }

    # other code
}

I should mention that 301 redirect is a good practice unlike permanent rewrite.

查看更多
0人赞 添加讨论(0) 举报
甜甜的少女心
3楼-- · 2019-01-21 17:24

If the iframe pages are always in the same directory, simple prefix locations could be used.

server {
    listen 443;

    location /l/ {  # redirect https iframe requests to http server
        return 301 http://$server_name$request_uri;
    }
    # ...
}

server {
    listen 80;

    location / {  # the default location redirects to https
        return 301 https://$server_name$request_uri;
    }

    location /l/ {}  # do not redirect requests for iframe location
    # ...
}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)