nginx強制跳轉https

這裏要注意的就是由於nginx沒有配置中級證書的參數，所以根證書和證書文件需要合併起來配置，這個apache有點區別，證書鏈文件建議是配置上去apache有相應參數可以配置nginx沒有。
cat domain.crt domian.ca > domian.pem
 
寫2個server,80端口用return 301跳轉即可。
cat domain-80.conf
server {
    listen IP:80;
    server_name DOMAIN;
    if ( $host ~* ^[a-zA-Z0-9\-]+\.([a-zA-Z0-9]+)?$ ){
        rewrite ^/(.*)$ https://www.$host/$1 permanent;
        }
    index index.php index.html index.htm;
    location / {
         return 301 https://domain$request_uri;
        limit_req zone=one burst=30;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
        proxy_set_header AUTHZH aGZoZj13g5N2FmaDk4;
        proxy_pass http://IP:80/;
    }
    location ~* ^.+\.(gz|tar|tgz|tbz||zip|xz|bz2|rar|7z|sql|exe|dll|msi|iso|pdf)$ {
        limit_conn conn 2;
        limit_rate 200k;
        proxy_redirect off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header CLIENT_IP $proxy_add_x_forwarded_for;
        proxy_set_header AUTHZH aGZoZjg12321Zoc2FmaDk4;
        proxy_pass http://ip:80;
    }
    location ~* ^/(403|500|503)\.html { root html; }
} 


cat domain.com.conf
server {
    listen          IP:443;
    server_name     domain;
    index           index.php index.html index.htm;


    ssl on;
    ssl_certificate /usr/local/nginx/conf/ssl/DOMINA/DOMAIN.pem;
    ssl_certificate_key /usr/local/nginx/conf/ssl/domain/domain.key;
    ssl_session_timeout    5m;
    ssl_protocols SSLv2 SSLv3 TLSv1;
    ssl_prefer_server_ciphers   on;

    location / {
        proxy_redirect          off;
        proxy_set_header        Host $host;
        proxy_set_header                X-Real-IP $proxy_add_x_forwarded_for;
        proxy_set_header                CLIENT_IP $proxy_add_x_forwarded_for;
        proxy_set_header                X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        AUTHZH aGZoZjg5N34Y3Zoc2FmaDk4;
    proxy_set_header    X_FORWARDED_PROTO  https;
        proxy_pass http://IP;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
}