我使用的是代码点火器,我们的服务器有一些奇怪的配置。
我希望certian页面位于https之后,certian页面处于http之后,以及其他我不关心的页面。
下面是我的设置,
- 如果我转到
http://test.example.com
(它调用disable_ssl()
),页面加载良好 - 如果我转到
https://test.example.com/login
(它调用了require_ssl()
),页面加载良好 - 如果我转到
http://test.example.com/login
,我会被重定向到https版本。这很好 - 如果我转到
https://test.example.com
,那么我会被重定向循环击中。。。由于某种原因,即使我显式地写http
,头也一直被设置为https
而不是http
http请求上的$_SERVER
数组看起来像
Array
(
[REDIRECT_STATUS] => 200
[HTTP_HOST] => test.example.com:80
[HTTP_X_REAL_IP] => 119.224.22.142
[HTTP_X_FORWARDED_FOR] => 119.224.22.142
[HTTP_X_URL_SCHEME] => http
[HTTP_CONNECTION] => close
[HTTP_CACHE_CONTROL] => max-age=0
[HTTP_USER_AGENT] => Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9;q=0.8
[HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,en-NZ;q=0.6
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.3
[HTTP_COOKIE] => [...]
[PATH] => /usr/local/bin:/usr/bin:/bin
[SERVER_SIGNATURE] =>
Apache/2.2.14 (Ubuntu) Server at test.example.com Port 8080
[SERVER_SOFTWARE] => Apache/2.2.14 (Ubuntu)
[SERVER_NAME] => test.example.com
[SERVER_ADDR] => 127.0.0.1
[SERVER_PORT] => 8080
[REMOTE_ADDR] => 127.0.0.1
[DOCUMENT_ROOT] => /var/www
[SERVER_ADMIN] => webmaster@localhost
[SCRIPT_FILENAME] => /var/www/index.php
[REMOTE_PORT] => 54833
[REDIRECT_URL] => /
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /
[SCRIPT_NAME] => /index.php
[PATH_INFO] => /
[PATH_TRANSLATED] => redirect:/index.php/
[PHP_SELF] => /index.php/
[PHP_AUTH_USER] => ******
[PHP_AUTH_PW] => ******
[REQUEST_TIME] => 1308972068
)
在https请求中,它看起来像
Array
(
[REDIRECT_STATUS] => 200
[HTTP_HOST] => test.example.com:443
[HTTP_X_REAL_IP] => 119.224.22.142
[HTTP_X_FORWARDED_FOR] => 119.224.22.142
[HTTP_X_URL_SCHEME] => https
[HTTP_X_FORWARDED_PROTO] => https
[HTTP_CONNECTION] => close
[HTTP_USER_AGENT] => Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/534.30 (KHTML, like Gecko) Chrome/12.0.742.100 Safari/534.30
[HTTP_ACCEPT] => text/html,application/xhtml+xml,application/xml;q=0.9;q=0.8
[HTTP_ACCEPT_ENCODING] => gzip,deflate,sdch
[HTTP_ACCEPT_LANGUAGE] => en-US,en;q=0.8,en-NZ;q=0.6
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.3
[HTTP_COOKIE] => [...]
[PATH] => /usr/local/bin:/usr/bin:/bin
[SERVER_SIGNATURE] =>
Apache/2.2.14 (Ubuntu) Server at test.example.com Port 8080
[SERVER_SOFTWARE] => Apache/2.2.14 (Ubuntu)
[SERVER_NAME] => test.example.com
[SERVER_ADDR] => 127.0.0.1
[SERVER_PORT] => 8080
[REMOTE_ADDR] => 127.0.0.1
[DOCUMENT_ROOT] => /var/www
[SERVER_ADMIN] => webmaster@localhost
[SCRIPT_FILENAME] => /var/www/index.php
[REMOTE_PORT] => 54841
[REDIRECT_URL] => /
[GATEWAY_INTERFACE] => CGI/1.1
[SERVER_PROTOCOL] => HTTP/1.0
[REQUEST_METHOD] => GET
[QUERY_STRING] =>
[REQUEST_URI] => /
[SCRIPT_NAME] => /index.php
[PATH_INFO] => /
[PATH_TRANSLATED] => redirect:/index.php/
[PHP_SELF] => /index.php/
[PHP_AUTH_USER] => ********
[PHP_AUTH_PW] => ********
[REQUEST_TIME] => 1308972250
)
我的.htaccess看起来像
Options +FollowSymlinks
RewriteEngine on
RewriteCond %{HTTP_HOST} ^www'.(.*)$ [NC]
RewriteRule ^(.*)$ %1/$1 [R=301,L]
RewriteCond $1 !^(index'.php|robots'.txt|favicon'.ico|css|images|js)
RewriteRule ^(.*)$ index.php/$1 [L]
因此,在我的index.php顶部,我有
$_SERVER['SERVER_PORT'] = explode(':', $_SERVER['HTTP_HOST']);
$_SERVER['HTTP_HOST'] = $_SERVER['SERVER_PORT'][0];
$_SERVER['SERVER_PORT'] = $_SERVER['SERVER_PORT'][1];
if($_SERVER['SERVER_PORT'] == 443)
$_SERVER['HTTPS'] = 'On';
else
$_SERVER['HTTPS'] = 'Off';
在我想要HTTPS的页面上,我称之为
function require_ssl(){
if($_SERVER['HTTPS'] == 'Off') {
$host = explode(':', $_SERVER['HTTP_HOST']);
header('location: https://' . $host[0] . $_SERVER['REQUEST_URI']);
exit;
}
}
在我只想要HTTP的页面上,我称之为
function disable_ssl(){
if($_SERVER['HTTPS'] == 'On') {
$host = explode(':', $_SERVER['HTTP_HOST']);
header('location: http://' . $host[0] . $_SERVER['REQUEST_URI']);
exit;
}
}
因此,经过数小时痛苦的调试,我们终于解决了这个问题。
Nginx
是的,负载均衡器自己重定向。
在nginx设置中,该行存在proxy_redirect http:// https://;
那么,发生了什么?
嗯,我的代码说"这个页面不应该是https,重定向"
然后nginx说"这个请求不是https,重定向"
然后我的代码是
吊杆重定向循环。
因此,通过将proxy_redirect http:// https://;
更改为proxy_redirect Off;
,我们解决了以下问题:)
您为disable_ssl()
发布的函数显示:
if($_SERVER['HTTPS'] == '0n') {
0
("零")是否为复制/粘贴错误?我想你的意思是:
if($_SERVER['HTTPS'] == 'On') {
如果我正确地遵循了您的逻辑,那么当您转到https://test.example.com
时就会调用此函数,因此,如果存在此拼写错误,它可能没有按照您认为的方式执行。
我们已经在这里解决了Nginx(和其他反向代理)的准确修复:
http://www.sonassi.com/knowledge-base/magento-kb/magento-https-redirect-loop/
这样就避免了在index.php
文件中包含该代码的必要性。你所需要做的就是把它添加到你的Nginx配置中,
fastcgi_param HTTPS on;
您可以考虑使用.htaccess规则,比如:
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} (optional pattern additional url matching)
RewriteRule ^(.*)$ https://test.example.com/$1 [L]
如果您想强制http,只需将80替换为443,将https替换为http。