Is there a way to redirect https:// requests to http:// by adding a rule in the domain's vhost file? I'm using NGINX.
相关问题
- Stop .htaccess redirect with query string
- Mechanize getting “Errno::ECONNRESET: Connection r
- Tomcat and SSL Client certificate
- UrlEncodeUnicode and browser navigation errors
- Can we add four protocols to ServicePointManager.S
The only simple rule is already explained on the post above me:
Why is something like that useful? At first look I wasn't sure if it could be done. But it presented an interesting question.
You might try putting a redirect statement in your config file and restarting your server. Two possibilities might happen:
Will add more if I come up with something more concrete.
UPDATE: (couple of hours later) You could try this. You need to put this in your nginx.conf file -
Sends a permanent redirect to the client. I am assuming you are using port 443 (default) for https.
Add this so that your normal http requests on port 80 are undisturbed.
UPDATE: 18th Dec 2016 -
server_name _
should be used instead ofserver_name _ *
in nginx versions > 0.6.25 (thanks to @Luca Steeb)This helped me:
this question would have been better suited to the serverfault.com site.
A better way to do the redirect to http:
This avoid both the 'if' clause and the regex in the rewrite that are features of the other solutions to date. Both have performance implications, though in practice you'd have to have quite a lot of traffic before it would matter.
Depending on your setup, you are likely to also want to specify an ip in the listen clause, and perhaps a servername clause in the above. As is, it will apply to all port 443 requests for all domain names. You generally want an IP per domain with https, so mostly tying the above to an IP is more to the point than tying it to a domain name, but there's variations on that, eg where all domains are subdomains of one domain.
EDIT: TLS is close to universal now, and with it Server Name Identification (SNI) which allows for HTTPS sites on multiple domains sharing a single IP. There's a good write-up here
rewrite
andif
should be avoided with Nginx. The famous line is, "Nginx is not Apache": in other words, Nginx has better ways to handle URLs than rewriting.return
is still technically part of the rewrite module, but it doesn't carry the overhead ofrewrite
, and isn't as caveat-ridden asif
.Nginx has an entire page on why
if
is "evil". It also provides a constructive page explaining whyrewrite
andif
are bad, and how you can work around it. Here's what the page has to say regardingrewrite
andif
:You can solve this problem properly using
return
:If you expect a lot of bots that don't send a
Host
header, you can use$host
instead of$http_host
as long as you stick to ports 80 and 443. Otherwise, you'll need to dynamically populate an$http_host
substitute. This code is efficient and safe as long as it appears in the root ofserver
(rather than in alocation
block), despite usingif
. However, you'd need to be using a default server for this to be applicable, which should be avoided with https.If you want to enforce SSL/TLS for specific paths, but forbid it otherwise:
If your server isn't in direct communication with the client--for example, if you're using CloudFlare--things get a bit more complicated. You'll need to ensure that any server in direct communication with the client adds an appropriate
X-Forwarded-Proto
header to the request.Using this is a messy proposition; for a full explanation, see IfIsEvil. In order for this to be useful, the
if
block cannot be inside alocation
block, for a variety of complex reasons. This forces the use ofrewrite
for URI testing. In short, if you have to use this on a production server... don't. Think of it this way: if you've outgrown Apache, you've outgrown this solution./secure, /secure/, and anything in /secure/ will enforce https, while all other URIs will enforce http. The
(?! )
PCRE construct is a negative lookahead assertion.(?: )
is a non-capturing group.