Correct, you give the HSTS header on the SSL/TLS port. So if *any*
connection in the past has gone to the SSL/TLS port, the browser is forced
to use https:// for any future connection. You should set it to 1 for a
while and then disable it.
On Mar 20, 2015 9:48 AM, "jinwon42" <nginx-forum@nginx.us> wrote:
> Sorry.
>
> 80 port is right.
>
>
> if ($scheme != $example_org_preferred_proto) {
> return 301
> $example_org_preferred_proto://$server_name$request_uri;
> }
>
>
> Still saw error. "ERR_TOO_MANY_REDIRECTS"
>
>
>
>
> -------------------------------------------------------
>
> map $request_uri $example_org_preferred_proto {
> default "https";
> ~^/mobile/PayOnlyResult.do "http";
> ~^/kor/tel.do "http";
> }
>
> server {
> listen 443 ssl;
> listen 80;
> server_name www.aaaa.com;
>
> charset utf-8;
>
> #ssl on;
> ssl_certificate D:/nginx-1.7.10/ssl/cert.pem;
> ssl_certificate_key D:/nginx-1.7.10/ssl/key.pem;
> ssl_verify_client off;
>
> ssl_session_timeout 5m;
>
> ssl_protocols SSLv3 TLSv1;
> ssl_ciphers AES256-SHA:HIGH:!EXPORT:!eNULL:!ADH:RC4+RSA;
> ssl_prefer_server_ciphers on;
>
> # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6
> months)
> add_header Strict-Transport-Security max-age=15768000;
>
> error_page 400 /error/error.html;
> error_page 403 /error/error.html;
> error_page 404 /error/error.html;
>
> if ($scheme != $example_org_preferred_proto) {
> return 301
> $example_org_preferred_proto://$server_name$request_uri;
> }
>
> location / {
> proxy_set_header Host $host;
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-Host $host;
> proxy_set_header X-Forwarded-Server $host;
> proxy_set_header X-Forwarded-For
> $proxy_add_x_forwarded_for;
> proxy_set_header X-Forwarded-Proto $scheme;
> proxy_set_header Host $http_host;
> proxy_buffering off;
> proxy_connect_timeout 60;
> proxy_read_timeout 60;
> proxy_pass http://wwwaaaacom;
> proxy_ssl_session_reuse off;
> }
> }
>
> Posted at Nginx Forum:
> http://forum.nginx.org/read.php?2,257458,257469#msg-257469
>
> _______________________________________________
> nginx mailing list
> nginx@nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
>
_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx