遇到奇怪的情况,甚至不知道如何在谷歌上搜索,如何描述它...无论如何,我正在使用 Nginx 并将 https 流量代理到上游服务器。使用 http(使用其他域)一切都很好,但无法使其与 https 一起工作...
这是我的 nginx 配置
upstream umarket { server 192.168.2.11:443; }
# Upstream
server {
listen 80;
listen 443 ssl http2;
server_name umarket.lt;
error_log /var/log/nginx/umarket.lt_error.log;
add_header Strict-Transport-Security "max-age=31536000";
ssl on;
ssl_certificate /etc/nginx/ssl/umarket.lt/umarket_lt_chained.crt;
ssl_certificate_key /etc/nginx/ssl/umarket.lt/server.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_ssl_session_reuse off;
proxy_cache_bypass $http_secret_header;
proxy_ignore_headers Set-Cookie;
proxy_ignore_headers Cache-Control;
location = / {
proxy_pass $scheme://umarket;
}
}
正如建议的那样,我不会使用 ssl 到上游,看看 confgi 现在的样子,结果仍然是相同的...这是在 http 块内:
upstream umarket { server 192.168.2.11:80; }
proxy_redirect off;
proxy_buffering off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto http;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_ssl_session_reuse off;
proxy_cache_bypass $http_secret_header;
proxy_ignore_headers Set-Cookie;
proxy_ignore_headers Cache-Control;
add_header X-Cache-Status $upstream_cache_status;
server {
listen *:80;
server_name umarket.lt;
rewrite ^(.*) https://$host$1 permanent;
}
server {
listen 443 ssl http2;
server_name umarket.lt;
error_log /var/log/nginx/umarket.lt_error.log;
add_header Strict-Transport-Security "max-age=31536000";
ssl on;
ssl_certificate /etc/nginx/ssl/umarket.lt/umarket_lt_chained.crt;
ssl_certificate_key /etc/nginx/ssl/umarket.lt/server.key;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
location = / {
proxy_pass http://umarket;
}
}
答案1
为 80 和 443 端口创建两个服务器部分。并在上游服务器上使用 80 端口,您已经在 nginx 上建立了 SSL 连接,因此无需在前端和后端之间使用 SSL 连接。
使用类似这样的方法将所有请求从 http 版本转发到网站的 https 版本。
server {
listen 80;
server_name umarket.lt;
rewrite ^(.*) https://$host$1 permanent;
}
解决方案:也替换位置 = /到地点 /. 它解决了问题。