nginx 返回 302 FOUND,其中使用 http 而不是 https

nginx 返回 302 FOUND,其中使用 http 而不是 https

我尝试访问https://seafile.example.com,这是一个代理应用程序。该应用程序将返回 302,但使用的是 HTTP 而不是 HTTPS。这个问题应该在 Nginx 或应用程序(在本例中为 Seafile)中修复,我试过了,但不知道哪里出了问题:

输出自curl -v https://seafile.example.com

< HTTP/1.1 302 FOUND
< Server: nginx/1.12.2
< Date: Fri, 18 May 2018 03:08:02 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Language, Cookie
< Location: http://seafile.example.com/accounts/login?next=/
< Content-Language: en

我本来期望https://seafile...

Nginx 配置:

server {
    listen 80;
    server_name seafile.example.com;

    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name seafile.example.com;
    ssl_certificate /etc/letsencrypt/live/seafile.example.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/seafile.example.com-0001/privkey.pem; # managed by Certbot

    include /etc/nginx/conf.d/ssl.conf;

   proxy_set_header X_Forwarded-For $remote_addr;

   location / {
   proxy_pass         http://192.168.99.12:8000;
   proxy_set_header   Host $host;
   proxy_set_header   X-Real-IP $remote_addr;
   proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header   X-Forwarded-Host $server_name;
   proxy_set_header   X-Forwarded-Proto https;

   access_log      /var/log/nginx/seahub.access.log;
   error_log       /var/log/nginx/seahub.error.log;

   proxy_read_timeout  1200s;

   client_max_body_size 0;
   }
   location /seafhttp {
       rewrite ^/seafhttp(.*)$ $1 break;
       proxy_pass http://192.168.99.12:8082;
       client_max_body_size 0;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_connect_timeout  36000s;
       proxy_read_timeout  36000s;
       proxy_send_timeout  36000s;
       send_timeout  36000s;
   }

seahub_settings.py

# -*- coding: utf-8 -*-
SECRET_KEY = "random"

DATABASES = {
    'default': {
        'ENGINE': 'django.db.backends.mysql',
        'NAME': 'seahub-db',
        'USER': 'seafile',
        'PASSWORD': 'random',
        'HOST': '127.0.0.1',
        'PORT': '3306'
    }
}

FILE_SERVER_ROOT = 'https://seafile.example.com'

EMAIL_USE_TLS = True
EMAIL_HOST = 'mail.example.com'        # smpt server
EMAIL_HOST_USER = ''    # username and domain
EMAIL_HOST_PASSWORD = ''    # password
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = '[email protected]'
SERVER_EMAIL = '[email protected]'

ccnet配置文件

[General]
USER_NAME = seafile
ID = ranodm
NAME = seafile
SERVICE_URL = https://seafile.example.com

[Client]
PORT = 13419

[Database]
ENGINE = mysql
HOST = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = random
DB = ccnet-db
CONNECTION_CHARSET = utf8

答案1

尝试这个代码片段:

server {
        listen 443;
        listen [::]:443;
        server_name seafile.example.com;
        include /etc/nginx/conf.d/ssl.conf;
        location / {
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://192.168.99.12:8000/;
                proxy_http_version 1.1;
                proxy_redirect http://192.168.99.12:8000/ https://seafile.example.com/;
                proxy_read_timeout  1200s;
                client_max_body_size 0;
        }
        ssl     on;
        ssl_certificate /etc/letsencrypt/live/seafile.example.com-0001/fullchain.pem;
        ssl_certificate_key     /etc/letsencrypt/live/seafile.example.com-0001/privkey.pem;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
}

相关内容