我已经配置了 nginx,让反向代理将 80 和 443 上的请求转发到 443 上的 Apache 服务器。但是它不起作用,
我的配置是:
server {
listen 192.168.50.55:80;
listen 192.168.50.55:443 ssl;
server_name groupware.example.com;
add_header Content-Security-Policy "frame-ancestors example.com cloud.example.com";
ssl_certificate /etc/letsencrypt/live/groupware.example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/groupware.example.com/privkey.pem;
ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_protocols TLSv1.2;
ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
ssl_prefer_server_ciphers on;
server_name_in_redirect on;
proxy_set_header Host groupware.example.com;
access_log /var/log/nginx/groupware.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://groupware.example.com;
proxy_read_timeout 90;
}
location ~ .well-known {
root /srv/web;
}
}
这是 curl -I 的输出http://groupware.example.com:
HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Fri, 17 Jul 2020 13:26:30 GMT
Content-Type: text/html; charset=iso-8859-1
Location: http://groupware.example.com/something
Connection: keep-alive
Content-Security-Policy: frame-ancestors example.com cloud.example.com
编辑1
我在 Apache 虚拟主机(上游)的配置中有以下几行:
<If "%{HTTP_HOST} == 'groupware.example.com'">
RedirectMatch ^/$ https:/groupware.example/something
</If>
为什么对 http:// 的请求不会转到代理服务器的 https:// ?
答案1
最后,我将配置拆分为一个用于 http 的配置和一个用于 https 的配置,因此添加了一个新文件。并注释掉listen 192.168.50.35:80;
新的文件如下:
server {
listen 192.168.50.55:80;
server_name groupware.example.com;
access_log /var/log/nginx/groupware-80.log;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://groupware.example.com;
proxy_read_timeout 90;
}
}
并让从 http 到 https 的重定向工作交给上游(Apache)。