我尝试访问https://seafile.example.com
,这是一个代理应用程序。该应用程序将返回 302,但使用的是 HTTP 而不是 HTTPS。这个问题应该在 Nginx 或应用程序(在本例中为 Seafile)中修复,我试过了,但不知道哪里出了问题:
输出自curl -v https://seafile.example.com
< HTTP/1.1 302 FOUND
< Server: nginx/1.12.2
< Date: Fri, 18 May 2018 03:08:02 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Language, Cookie
< Location: http://seafile.example.com/accounts/login?next=/
< Content-Language: en
我本来期望https://seafile...
Nginx 配置:
server {
listen 80;
server_name seafile.example.com;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name seafile.example.com;
ssl_certificate /etc/letsencrypt/live/seafile.example.com-0001/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/seafile.example.com-0001/privkey.pem; # managed by Certbot
include /etc/nginx/conf.d/ssl.conf;
proxy_set_header X_Forwarded-For $remote_addr;
location / {
proxy_pass http://192.168.99.12:8000;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
access_log /var/log/nginx/seahub.access.log;
error_log /var/log/nginx/seahub.error.log;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
location /seafhttp {
rewrite ^/seafhttp(.*)$ $1 break;
proxy_pass http://192.168.99.12:8082;
client_max_body_size 0;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 36000s;
proxy_read_timeout 36000s;
proxy_send_timeout 36000s;
send_timeout 36000s;
}
seahub_settings.py
# -*- coding: utf-8 -*-
SECRET_KEY = "random"
DATABASES = {
'default': {
'ENGINE': 'django.db.backends.mysql',
'NAME': 'seahub-db',
'USER': 'seafile',
'PASSWORD': 'random',
'HOST': '127.0.0.1',
'PORT': '3306'
}
}
FILE_SERVER_ROOT = 'https://seafile.example.com'
EMAIL_USE_TLS = True
EMAIL_HOST = 'mail.example.com' # smpt server
EMAIL_HOST_USER = '' # username and domain
EMAIL_HOST_PASSWORD = '' # password
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = '[email protected]'
SERVER_EMAIL = '[email protected]'
ccnet配置文件
[General]
USER_NAME = seafile
ID = ranodm
NAME = seafile
SERVICE_URL = https://seafile.example.com
[Client]
PORT = 13419
[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = random
DB = ccnet-db
CONNECTION_CHARSET = utf8
答案1
尝试这个代码片段:
server {
listen 443;
listen [::]:443;
server_name seafile.example.com;
include /etc/nginx/conf.d/ssl.conf;
location / {
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_pass http://192.168.99.12:8000/;
proxy_http_version 1.1;
proxy_redirect http://192.168.99.12:8000/ https://seafile.example.com/;
proxy_read_timeout 1200s;
client_max_body_size 0;
}
ssl on;
ssl_certificate /etc/letsencrypt/live/seafile.example.com-0001/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/seafile.example.com-0001/privkey.pem;
add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
add_header X-Frame-Options SAMEORIGIN;
add_header X-Content-Type-Options nosniff;
}