SSL 在我的 上运行良好frontend_server。但是,当我的前端向 unicorn API 服务器(在同一台服务器上,只是在 Unicorn 进程中运行)发出请求时,我收到以下错误:GET https://198.211.116.68/api/posts?page=1&per_page=30 net::ERR_INSECURE_RESPONSE。为什么会这样?
upstream app_server {
server unix:/var/run/unicorn.sock fail_timeout=0;
}
upstream frontend_server {
server 198.211.116.68:8080;
}
server {
listen 80;
#return 301 http://$host$request_uri;
server_name dailydownbeat.com;
rewrite ^/(.*) https://dailydownbeat.com/$1 permanent;
}
server {
listen 443 ssl;
root /home/rails/dailydownbeat;
server_name dailydownbeat.com;
ssl_certificate /home/rails/dailydownbeat/config/ssl/dailydownbeat.com.chained.crt;
ssl_certificate_key /home/rails/dailydownbeat/config/ssl/dailydownbeat.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
#ssl_prefer_server_ciphers on;
#ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass http://frontend_server/;
proxy_http_version 1.1;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_redirect off;
proxy_set_header X-NginX-Proxy true;
proxy_cache_bypass $http_upgrade;
proxy_max_temp_file_size 0;
proxy_read_timeout 240s;
}
location ^~ /api/ {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass https://app_server/api/;
proxy_ssl_session_reuse off;
}
}
答案1
答案:我的服务器调用使用的是 IP 地址。当我将服务器调用更改为使用域名时,一切都正常。
我希望我的愚蠢错误能对某人有所帮助。