Назад | Перейти на главную страницу

Цикл перенаправления Nginx для HTTPS на сайте TYPO3

Я испытываю этот странный цикл перенаправления с моей текущей конфигурацией виртуального хоста TYPO3. Это странно, потому что в Firefox вроде нормально работает, а в Chrome не работает. Это также неоднозначный опыт для других людей на работе. Некоторые из них не видят проблемы, а некоторые видят. Хотя пользователи Mac сообщают об этой проблеме чаще, чем пользователи других ОС.

Во всяком случае, вот файлы конфигурации:

nginx.conf


user www-data;
worker_processes auto;
pid /run/nginx.pid;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        gzip_disable "msie6";

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

vhost:


server {
        listen 80 default_server;
        listen [::]:80 default_server;
        server_name _;
        return 302 https://$host$request_uri;
}

server {        
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;

        include snippets/cert.conf;
        include snippets/ssl-params.conf;

        root /var/www/typo37/web;

        index index.php index.html index.htm index.nginx-debian.html;

        server_name _;

        location = /favicon.ico {
                log_not_found off;
                access_log off;
       }

       location = /robots.txt {
                allow all;
                log_not_found off;
                access_log off;
       }

       location ~ /\. {
                deny all;
                access_log off;
                log_not_found off;
       }

        location ~ \.php$ {
                        try_files $uri =404;
                        include /etc/nginx/fastcgi_params;
                        fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
                        fastcgi_index index.php;
                        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
                        fastcgi_intercept_errors on;
                        fastcgi_buffer_size 128k;
                        fastcgi_buffers 256 16k;
                        fastcgi_busy_buffers_size 256k;
                        fastcgi_temp_file_write_size 256k;
                        fastcgi_read_timeout 1200;
                        fastcgi_param HTTPS on;
        }


        location ~ /\.(js|css)$ {
                expires 604800s;
        }

        if (!-e $request_filename){
                rewrite ^/(.+)\.(\d+)\.(php|js|css|png|jpg|gif|gzip)$ /$1.$3 last;
        }

        location ~* ^/fileadmin/(.*/)?_recycler_/ {
                deny all;
        }
        location ~* ^/fileadmin/templates/.*(\.txt|\.ts)$ {
                deny all;
        }

        location ~* ^/typo3conf/ext/[^/]+/Resources/Private/ {
                deny all;
        }

        location ~* ^/(typo3/|fileadmin/|typo3conf/|typo3temp/|uploads/|favicon\.ico) {
        }

        location / {

                        if ($query_string ~ ".+") {
                                return 405;
                        }
                        if ($http_cookie ~ 'nc_staticfilecache|be_typo_user|fe_typo_user' ) {
                                return 405;
                        } # pass POST requests to PHP
                        if ($request_method !~ ^(GET|HEAD)$ ) {
                                return 405;
                        }
                        if ($http_pragma = 'no-cache') {
                                return 405;
                        }
                        if ($http_cache_control = 'no-cache') {
                                return 405;
                        }
                        error_page 405 = @nocache;

                        try_files /typo3temp/tx_ncstaticfilecache/$host${request_uri}index.html @nocache;
        }

        location @nocache {
                        try_files $uri $uri/ /index.php$is_args$args;
        }
}

ssl-params.conf


ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_ecdh_curve secp384r1;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4 valid=300s;
resolver_timeout 5s;
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains" always;
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;

ssl_dhparam /etc/ssl/certs/dhparam.pem;

cert.conf


ssl_certificate /etc/ssl/certs/COMPANY.crt;
ssl_certificate_key /etc/ssl/private/COMPANY.key;

fastcgi_params


fastcgi_param  QUERY_STRING       $query_string;
fastcgi_param  REQUEST_METHOD     $request_method;
fastcgi_param  CONTENT_TYPE       $content_type;
fastcgi_param  CONTENT_LENGTH     $content_length;

fastcgi_param  SCRIPT_NAME        $fastcgi_script_name;
fastcgi_param  REQUEST_URI        $request_uri;
fastcgi_param  DOCUMENT_URI       $document_uri;
fastcgi_param  DOCUMENT_ROOT      $document_root;
fastcgi_param  SERVER_PROTOCOL    $server_protocol;
fastcgi_param  REQUEST_SCHEME     $scheme;
fastcgi_param  HTTPS              off;

fastcgi_param  GATEWAY_INTERFACE  CGI/1.1;
fastcgi_param  SERVER_SOFTWARE    nginx/$nginx_version;

fastcgi_param  REMOTE_ADDR        $remote_addr;
fastcgi_param  REMOTE_PORT        $remote_port;
fastcgi_param  SERVER_ADDR        $server_addr;
fastcgi_param  SERVER_PORT        $server_port;
fastcgi_param  SERVER_NAME        $server_name;

fastcgi_param  REDIRECT_STATUS    200;

Пожалуйста, помогите мне разобраться в этом.