重定向错误（certbot 更新/nginx 后）

Question

我的网络服务器的这个配置部分工作（实际的 Ubuntu）。如果最新的 Firefox 通过智能手机使用该站点，则会导致重定向错误。其他一些浏览器可能工作，但不可靠。我试图删除浏览器缓存并重新启动/重新加载 nginx-server。 NGINX 配置中是否有错误？当我使用 certbot 更新 SSL 证书时，问题首先出现。谢谢！

    server {
        listen 443 ssl;
        listen [::]:443 ssl;
    
        # SSL configuration
        #
        # listen 443 ssl default_server;
        # listen [::]:443 ssl default_server;
        #
        # Note: You should disable gzip for SSL traffic.
        # See: https://bugs.debian.org/773332
        #
        # Read up on ssl_ciphers to ensure a secure configuration.
        # See: https://bugs.debian.org/765782
        #
        # Self signed certs generated by the ssl-cert package
        # Don't use them in a production server!
        #
        # include snippets/snakeoil.conf;    
    
        server_name sozcafe.de;     
        
        location / {
            root /var/www/html;
            index index.php;
            try_files $uri $uri/ @rewrite;
        }
        
        location @rewrite {
            rewrite ^/(forum/|chat/|cms/|wcf/|calendar/|filebase/|blog/|gallery/)?([^.]+)$ /$1index.php?$2 last;
        }
        ssl_certificate /etc/letsencrypt/live/sozcafe.de/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/sozcafe.de/privkey.pem; # managed by Certbot
        
        #ssl_certificate /etc/letsencrypt/live/www.coffeecat.de/cert.pem;
        #ssl_certificate_key /etc/letsencrypt/live/www.coffeecat.de/privkey.pem;
        
        # pass PHP scripts to FastCGI server
        #
        location ~ \.php$ {
            root /var/www/html;
            index index.php;
            include snippets/fastcgi-php.conf;  
        
            
            
        #
        #   # With php-fpm (or other unix sockets):
            fastcgi_pass unix:/var/run/php/php7.4-fpm.sock;
        #   # With php-cgi (or other tcp sockets):
        #   fastcgi_pass 127.0.0.1:9000;
        }
    
        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #   deny all;
        #}
    
    
    }
    
    server {
        
        server_name sozcafe.de www.sozcafe.de;
        return 301 https://$server_name$request_uri;
        
    
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/sozcafe.de/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/sozcafe.de/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
    
    }
    
    server {
        if ($host = www.sozcafe.de) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
    
        if ($host = sozcafe.de) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    
    
        listen 80;
        listen [::]:80;
        
        server_name sozcafe.de www.sozcafe.de;
        return 404; # managed by Certbot
    
    }

Answer 1

仔细查看您的配置文件，您会发现您在两个服务器块中侦听相同的端口（@98​​7654321@）和相同的服务器名称（sozcafe.de），第一个和第二个是更详细。在配置的第二个服务器块中使用语句 return 301 https://$server_name$request_uri 会导致 "infinite loop" 的效果，因为 nginx 总是在您每次访问时重定向到此服务器块域。

我怀疑 Certbot 在您运行它时添加了其中一个。

您可以通过删除第二个服务器块中的sozcafe.de 来解决此问题，从而仅重定向www 域而不是目标域本身。

    server {
        
        # server_name sozcafe.de www.sozcafe.de;
        server_name www.sozcafe.de;
        return 301 https://$server_name$request_uri;
        
    
        listen [::]:443 ssl ipv6only=on; # managed by Certbot
        listen 443 ssl; # managed by Certbot
        ssl_certificate /etc/letsencrypt/live/sozcafe.de/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/sozcafe.de/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    
    
    }