Automatic redirect to http when logging in over https

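As the title says: when I log in over https, it always redirects to http automatically. If I then change the redirected URL back to https, everything works normally, including uploading and downloading files.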

How can I stop it from redirecting to http at login? SERVICE_URL and FILE_SERVER_ROOT are both already set to https://www.xxx.com

What does your nginx configuration look like? Does it have this: fastcgi_param HTTP_SCHEME https;

The full configuration:

  location / {
      fastcgi_pass    127.0.0.1:8000;
      fastcgi_param   SCRIPT_FILENAME     $document_root$fastcgi_script_name;
      fastcgi_param   PATH_INFO           $fastcgi_script_name;

      fastcgi_param   SERVER_PROTOCOL    $server_protocol;
      fastcgi_param   QUERY_STRING        $query_string;
      fastcgi_param   REQUEST_METHOD      $request_method;
      fastcgi_param   CONTENT_TYPE        $content_type;
      fastcgi_param   CONTENT_LENGTH      $content_length;
      fastcgi_param   SERVER_ADDR         $server_addr;
      fastcgi_param   SERVER_PORT         $server_port;
      fastcgi_param   SERVER_NAME         $server_name;
      fastcgi_param   REMOTE_ADDR         $remote_addr;
      fastcgi_param   HTTPS               on;
      fastcgi_param   HTTP_SCHEME         https;

      access_log      /var/log/nginx/seahub.access.log;
      error_log       /var/log/nginx/seahub.error.log;
  }

The problem was solved after configuring HSTS.

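Hello! I'm a beginner. May I ask how exactly you solved it?
I'm hosting this on my home computer. For now I'm testing the waters with free DDNS + nginx + a self-signed certificate. The nginx configuration is basically copied from the official manual, and I'm not using fastcgi.
Access from inside the LAN is fine, but my ISP blocks port 80, so when I log in through the web UI from outside, I keep getting stuck on this https-to-http redirect and can't log in. Frustrating. (The mobile client works fine over https.)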

Force https. Post your configuration so we can take a look.

worker_processes  1;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;
    sendfile        on;
    keepalive_timeout  65;

    server {
        listen       80;
        server_name  localhost;
    	rewrite ^ https://$http_host$request_uri? permanent;
		server_tokens off;
    }
    
    server {
        listen       443 ssl;
		ssl          on;
        server_name  localhost;

        ssl_certificate      C:/nginx-1.13.5/ssl/test.crt;
        ssl_certificate_key  C:/nginx-1.13.5/ssl/test.key;

        ssl_session_cache    shared:SSL:5m;
        ssl_session_timeout  5m;
		
		ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-CAMELLIA256-SHA:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-SEED-SHA:DHE-RSA-CAMELLIA128-SHA:HIGH:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS';
        ssl_prefer_server_ciphers on;
		
		proxy_set_header X-Forwarded-For $remote_addr;
		
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        server_tokens off;
		
		
        location / {
		    proxy_pass         http://127.0.0.1:8000;		
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
		    proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            proxy_set_header   X-Forwarded-Proto https;
		    client_max_body_size 0;
		 
			access_log      C:/nginx-1.13.5/logs/seahub.access.log;
            error_log       C:/nginx-1.13.5/logs/seahub.error.log;

            proxy_read_timeout  1200s;
			
        }
		
	    location /seafhttp {
        rewrite ^/seafhttp(.*)$ $1 break;
        proxy_pass http://127.0.0.1:8082;
        client_max_body_size 0;

        proxy_connect_timeout  36000s;
        proxy_read_timeout  36000s;
        proxy_send_timeout  36000s;

        send_timeout  36000s;
    }
    location /media {
        root C:/Seafile/seafile-server-6.0.7/seahub;
    }

    }

}

The section below is incomplete; compare it with the official one.

The complete version; change it to this and it will work:
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;

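Still not working. I think it has nothing to do with nginx, because port 80 is completely blocked and nginx cannot respond to that http request at all, including the "force a redirect to https when accessed over http" part. The problem should be in the command that runs after clicking the login button on the Seafile web page.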

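It is a configuration problem; please check your configuration carefully. My situation is the same as yours: my port 80 is blocked too and I can only use 443. It was solved after configuring forced https.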

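I've changed the configuration as you suggested, but it still doesn't work :sweat:
With my China Telecom connection, other China Telecom users in the same city can reach my port 80, but users in other regions or on other ISPs (for example China Unicom, China Mobile, or cable broadband) cannot. After changing the configuration it's still the same, and I don't know which step is going wrong. I'm currently on Win10 + nginx 1.13.5 + Seafile 6.0.7, and I'm installing the Ubuntu version to test.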

Could you post the complete nginx.conf you're currently using, for my reference?

Your environment is exactly the same as mine; no need to switch to Ubuntu.

server {
    listen       443 ssl http2;
    server_name  pan.xxxx.com;

    ssl_certificate      D://Web_Srv//ssl//xxxx.com.cer;
    ssl_certificate_key  D://Web_Srv//ssl//xxxx.com.key;
	ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
	ssl_session_tickets      on;
	ssl_stapling             on;
	ssl_stapling_verify      on;
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;
	proxy_set_header X-Forwarded-For $remote_addr;
	
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload" always;
	server_tokens off;
	
	location / {
		proxy_set_header        Host                $http_host;
		proxy_set_header        X-Real-IP           $remote_addr;
		proxy_set_header        X-Forwarded-For     $proxy_add_x_forwarded_for;
		proxy_set_header        X-Forwarded-Proto   $scheme;
		proxy_intercept_errors  on;
		proxy_http_version      1.1;
		proxy_hide_header        X-Powered-By;
		proxy_read_timeout  1200s;
		client_max_body_size 0;
		proxy_pass http://127.0.0.1:8000;

	} 
	location /seafhttp { 
		rewrite ^/seafhttp(.*)$ $1 break;
		proxy_pass http://127.0.0.1:8082;
		client_max_body_size 0;
		proxy_connect_timeout  36000s;
		proxy_read_timeout  36000s; 
		proxy_send_timeout  36000s;
		send_timeout  36000s;
	}
	location /media {
		root "D:/Program Files/seafile/seahub";
	}
}

Also, your server_name is wrong.

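Found the problem and fixed it, thank you very much!
After adding the self-signed certificate to Windows' Trusted Root Certification Authorities, both IE and Edge can log in directly without jumping to http.

Chrome still doesn't work, though. This should be because Chrome doesn't trust the self-signed certificate, which causes the https-to-http jump at login; it's the same even after clicking "Proceed". Mobile Chrome doesn't even offer a manual trust option and simply can't access the site.

Looks like I'll have to find a way to get a proper certificate to achieve full compatibility.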

Just apply for a Let’s Encrypt certificate.

The Let’s Encrypt client also needs to validate over port 80 to issue a certificate. What a pain.

Use the DNS method. That's what I used for my certificate.

See this: http://www.cnblogs.com/teamblog/p/6219204.html

Did you buy a domain name yourself? I wonder whether there is any free DDNS that supports DNS validation.

Edit: solved after registering a domain and obtaining a certificate issued by an authority that browsers trust.

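Delete the part that listens on port 80; it isn't a self-signed certificate problem. Listen only on port 443, and from the external network you can just enter the dynamic domain name and log in without adding any port number. Edge and Chrome will only warn that the certificate is not secure.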
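
A check for the symptom discussed in this thread, added here as an example that is not from any poster or from the Seafile project: it audits recorded responses for an HTTPS request answered with a redirect to http://, and for a missing HSTS header. The host pan.example.com, the /login path and the sample responses are constructed; fetch_hop needs network access.

```python
import http.client
from urllib.parse import urljoin, urlsplit


def parse_hsts(value):
    """Parse a Strict-Transport-Security value into {directive: argument}."""
    out = {}
    for part in value.split(";"):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.lower()] = arg.strip('"') or True
    return out


def audit_hops(hops):
    """Flag HTTPS requests redirected to http:// or answered without HSTS."""
    findings = []
    for url, status, headers in hops:  # headers: dict with lowercase keys
        if urlsplit(url).scheme != "https":
            continue
        loc = headers.get("location")
        if 300 <= status < 400 and loc:
            target = urljoin(url, loc)  # a relative Location keeps the scheme
            if urlsplit(target).scheme == "http":
                findings.append(("downgrade", url, target))
        hsts = parse_hsts(headers.get("strict-transport-security", ""))
        if not str(hsts.get("max-age", "")).isdigit():
            findings.append(("no-hsts", url, status))
    return findings


def fetch_hop(url, timeout=10):
    """Fetch one URL without following redirects (needs a trusted certificate)."""
    u = urlsplit(url)
    cls = http.client.HTTPSConnection if u.scheme == "https" else http.client.HTTPConnection
    conn = cls(u.netloc, timeout=timeout)
    conn.request("GET", (u.path or "/") + ("?" + u.query if u.query else ""))
    resp = conn.getresponse()
    hop = (url, resp.status, {k.lower(): v for k, v in resp.getheaders()})
    conn.close()
    return hop


# Constructed sample: HTTPS login answered with an absolute http:// Location.
SAMPLE = [
    ("https://pan.example.com/login", 302, {"location": "http://pan.example.com/"}),
    ("https://pan.example.com/", 200,
     {"strict-transport-security": "max-age=31536000; includeSubDomains;preload"}),
]
```

Browsers ignore an HSTS header received over a connection with certificate errors (RFC 6797, section 8.1), so with an untrusted self-signed certificate the header cannot keep a browser on HTTPS.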