Цикл перенаправления Nginx для HTTPS на сайте TYPO3
Я испытываю этот странный цикл перенаправления с моей текущей конфигурацией TYPO3 vhost. Это странно, потому что в Firefox он работает нормально, но в Chrome он не работает. Это также смешанный опыт для других людей на работе. Некоторые из них не видят проблему, а некоторые видят. Хотя пользователи Mac сообщают, что эта проблема возникает чаще, чем пользователи других ОС.
Во всяком случае, вот файлы конфигурации:
nginx.conf
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
ВХост:
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 302 https://$host$request_uri;
}
server {
listen 443 ssl default_server;
listen [::]:443 ssl default_server;
include snippets/cert.conf;
include snippets/ssl-params.conf;
root /var/www/typo37/web;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~ /\. {
deny all;
access_log off;
log_not_found off;
}
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
fastcgi_buffer_size 128k;
fastcgi_buffers 256 16k;
fastcgi_busy_buffers_size 256k;
fastcgi_temp_file_write_size 256k;
fastcgi_read_timeout 1200;
fastcgi_param HTTPS on;
}
location ~ /\.(js|css)$ {
expires 604800s;
}
if (!-e $request_filename){
rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
}
location ~* ^/fileadmin/(.*/)?_recycler_/ {
deny all;
}
location ~* ^/fileadmin/templates/.*(\.txt|\.ts)$ {
deny all;
}
location ~* ^/typo3conf/ext/[^/]+/Resources/Private/ {
deny all;
}
location ~* ^/(typo3/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) {
}
location / {
if ($query_string ~ ".+") {
return 405;
}
if ($http_cookie ~ 'nc_staticfilecache|be_typo_user|fe_typo_user' ) {
return 405;
} # pass POST requests to PHP
if ($request_method !~ ^(GET|HEAD)$ ) {
return 405;
}
if ($http_pragma = 'no-cache') {
return 405;
}
if ($http_cache_control = 'no-cache') {
return 405;
}
error_page 405 = @nocache;
try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache;
}
location @nocache {
try_files $uri $uri/ /index.php$is_args$args;
}
}
SSL-params.conf
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
ssl_dhparam /etc/ssl/certs/dhparam.pem;
cert.conf
ssl_certificate /etc/ssl/certs/COMPANY.crt;
ssl_certificate_key /etc/ssl/private/COMPANY.key;
fastcgi_params
fastcgi_param QUERY_STRING $query_string;
fastcgi_param REQUEST_METHOD $request_method;
fastcgi_param CONTENT_TYPE $content_type;
fastcgi_param CONTENT_LENGTH $content_length;
fastcgi_param SCRIPT_NAME $fastcgi_script_name;
fastcgi_param REQUEST_URI $request_uri;
fastcgi_param DOCUMENT_URI $document_uri;
fastcgi_param DOCUMENT_ROOT $document_root;
fastcgi_param SERVER_PROTOCOL $server_protocol;
fastcgi_param REQUEST_SCHEME $scheme;
fastcgi_param HTTPS off;
fastcgi_param GATEWAY_INTERFACE CGI/1.1;
fastcgi_param SERVER_SOFTWARE nginx/$nginx_version;
fastcgi_param REMOTE_ADDR $remote_addr;
fastcgi_param REMOTE_PORT $remote_port;
fastcgi_param SERVER_ADDR $server_addr;
fastcgi_param SERVER_PORT $server_port;
fastcgi_param SERVER_NAME $server_name;
fastcgi_param REDIRECT_STATUS 200;
Пожалуйста, помогите мне понять это.