代理通过 nginx 反向代理转到 http 转 https

代理通过 nginx 反向代理转到 http 转 https

我已经配置了 nginx,让反向代理将 80 和 443 上的请求转发到 443 上的 Apache 服务器。但是它不起作用,

我的配置是:

    server {
    
        listen 192.168.50.55:80;
        listen 192.168.50.55:443 ssl;
        server_name groupware.example.com;
        add_header Content-Security-Policy "frame-ancestors example.com cloud.example.com";
    
        ssl_certificate           /etc/letsencrypt/live/groupware.example.com/fullchain.pem;
        ssl_certificate_key       /etc/letsencrypt/live/groupware.example.com/privkey.pem;
    
        ssl_session_cache  builtin:1000  shared:SSL:10m;
        ssl_protocols  TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
        server_name_in_redirect on;
        proxy_set_header Host groupware.example.com;
    
        access_log            /var/log/nginx/groupware.log;
    
        location / {
    
          proxy_set_header        Host $host;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_pass          https://groupware.example.com;
          proxy_read_timeout  90;
           
        }

   location ~ .well-known {

                 root /srv/web;
        }

  }

这是 curl -I 的输出http://groupware.example.com

HTTP/1.1 302 Found
Server: nginx/1.14.2
Date: Fri, 17 Jul 2020 13:26:30 GMT
Content-Type: text/html; charset=iso-8859-1
Location: http://groupware.example.com/something
Connection: keep-alive
Content-Security-Policy: frame-ancestors example.com cloud.example.com

编辑1

我在 Apache 虚拟主机(上游)的配置中有以下几行:

<If "%{HTTP_HOST} == 'groupware.example.com'">
    RedirectMatch ^/$ https:/groupware.example/something
</If>

为什么对 http:// 的请求不会转到代理服务器的 https:// ?

答案1

最后,我将配置拆分为一个用于 http 的配置和一个用于 https 的配置,因此添加了一个新文件。并注释掉listen 192.168.50.35:80;

新的文件如下:

server {

    listen 192.168.50.55:80;
    server_name groupware.example.com;


    access_log            /var/log/nginx/groupware-80.log;

    location /  {

      proxy_set_header        Host $host;
      proxy_set_header        X-Real-IP $remote_addr;
      proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header        X-Forwarded-Proto $scheme;
      proxy_pass          http://groupware.example.com;
      proxy_read_timeout  90;
    }



  }

并让从 http 到 https 的重定向工作交给上游(Apache)。

相关内容