在某些path上强制使用SSL,并在所有其他path上使用NGINX强制不使用SSL

我如何设置NGINX的SSLconfiguration,以便除了几个定义的path之外的任何东西都redirect到非SSL位置?

我目前的configuration看起来像这样。 它是为Django设立的。

# Django Configuration upstream prod { server 127.0.0.1:8080; } server { listen 80; server_name www.mysite.org; rewrite ^/(.*) http://mysite.org/$1 permanent; } server { listen 80; server_name mysite.org; root /var/www/mysite.org/cache/; access_log /var/log/nginx/mysite.org.access.log; error_log /var/log/nginx/mysite.org.error.log; client_max_body_size 100m; #Static files location location ~ ^/(media)/ { root /var/www/mysite.org/html/; expires 30d; } # Send everyone to django initially set $django 1; if ($is_args = "?") { set $args_old ?$args; } if ($is_args = "") { set $args_old ""; } default_type text/html; location / { include /etc/nginx/proxy.conf; if (-f $request_filename/index.html$args_old) { set $django 0; } if ($request_method != GET) { set $django 1; } # For authorized users # if ($http_cookie ~* "sessionid=([^;]+)(>:;|$)") { # set $django 1; # } # Give back cache if ($django = 0) { rewrite (.*) $1/index.html$args_old break; } # Send to django if ($django) { proxy_pass http://prod; break; } } } server { listen 443; server_name mysite.org; ssl on; ssl_certificate /etc/ssl/certs/mysite-final.crt; ssl_certificate_key /etc/ssl/private/mysite.key; ssl_prefer_server_ciphers on; # access_log /var/log/nginx/ssl.mysite.access.log; # error_log /var/log/nginx/ssl.mysite.error.log; client_max_body_size 100m; #Static files location location ~ ^/(media)/ { root /var/www/mysite.org/html/; expires 30d; } default_type text/html; location / { include /etc/nginx/proxy.conf; proxy_set_header X-Forwarded-Protocol https; proxy_pass http://prod; } } 

你只需要添加这个:

 rewrite ^(.*) https://$server_name$1 permanent; 

接近您的configuration中的位置/部分的结尾。