我尝试使用以下方法让 moode 在 SSL 反向代理后面运行这解决方案但我收到以下错误:
反向代理已启用,无法直接访问服务器,抱歉。请联系服务器管理员。
在 moodle 的配置中我启用了以下设置:
$CFG->reverseproxy = true;
$CFG->sslproxy = true;
从而导致这配置。
对于反向代理,我使用具有以下设置的 nginx:
events {
worker_connections 768;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset utf-8;
gzip on;
gzip_disable "msie6";
client_max_body_size 10000M;
# Mysql apache-based variant
server {
listen 6440 ssl;
server_name 0.0.0.0;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
# In case or running another port please replace the value bellow.
proxy_pass http://^ip^;
}
}
}
^ip^我反向代理请求的 IP 在哪里。此外,对于我在本例中使用的设置 URL,我运行所有的在docker容器中设置如下https://0.0.0.0:6440那是不是服务 IP。
另外,docker-compose 如下:
version: '2'
services:
nginx_reverse:
image: nginx:alpine
ports:
- "6440:6440"
links:
- 'moodle_mysql_reverse'
restart: always
volumes:
- './conf/nginx/nginx_ssl_reverse.conf:/etc/nginx/nginx.conf:ro'
- './conf/certs:/etc/nginx/certs:ro'
moodle_mysql_db_reverse:
image: mysql
environment:
MYSQL_RANDOM_ROOT_PASSWORD: "yes"
MYSQL_ONETIME_PASSWORD: "yes"
MYSQL_DATABASE: "${MOODLE_DB_NAME}"
MYSQL_USER: '${MOODLE_MYSQL_USER}'
MYSQL_PASSWORD: '${MOODLE_MYSQL_PASSWORD}'
moodle_mysql_reverse:
image: ellakcy/moodle:mysql_maria_apache
links:
- "moodle_mysql_db_reverse:moodle_db"
environment:
MOODLE_DB_HOST: "moodle_db"
MOODLE_DB_NAME: "${MOODLE_DB_NAME}"
MOODLE_DB_USER: '${MOODLE_MYSQL_USER}'
MOODLE_DB_PASSWORD: "${MOODLE_MYSQL_PASSWORD}"
MOODLE_ADMIN: "${MOODLE_ADMIN}"
MOODLE_ADMIN_PASSWORD: "${MOODLE_ADMIN_PASSWORD}"
MOODLE_URL: "https://0.0.0.0:6440"
MOODLE_REVERSE_LB: "true"
MOODLE_SSL: "true"
您知道我为什么会收到这个错误以及如何修复它吗?
答案1
无论是否是基于docker的解决方案,都建议使用代理不是提供Hosthttp 标头。因此,nginx 反向代理配置应该是这样的:
events {
worker_connections 768;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
charset utf-8;
gzip on;
gzip_disable "msie6";
client_max_body_size 10000M;
# Mysql apache-based variant
server {
listen 6440 ssl;
server_name 0.0.0.0;
ssl_certificate /etc/nginx/certs/cert.pem;
ssl_certificate_key /etc/nginx/certs/key.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
proxy_pass_request_headers on;
# In case or running another port please replace the value bellow.
proxy_pass http://^ip^;
}
}
}
正如你所见,以下一行应该失踪不是存在于你的反向代理 nginx 配置中:
proxy_set_header Host $host;