NGINX 错误地将某些 URL 上的 HTTPS 流量转发到端口 443 上的 HTTP

tag-icon tag-icon nginx jenkins
NGINX 错误地将某些 URL 上的 HTTPS 流量转发到端口 443 上的 HTTP

这是一个 Docker 容器,NGINX 和 Jenkins 位于同一容器中,使用 Supervisord 运行。Docker 容器在 AWS ECS 中的 ELB 后面运行。

NGINX 应该将流量从 http://jenkins 转发到 https://jenkins。

实际情况是这样的:

  • https://jenkins/computer/ --> 转到 https ✅

  • https://jenkins/computer --> 转到 http 和端口 443 ❌

配置:

server {
    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    root /var/www/;
    index index.html index.htm;

    client_max_body_size 10M;

    server_name jenkins;
    ignore_invalid_headers    off;

    location / {
        allow vpnip/32;
        deny all;

        proxy_set_header        Host $host:$server_port;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header        X-Forwarded-Proto $scheme;

        # Fix the "It appears that your reverse proxy set up is broken" error.
        proxy_pass          http://127.0.0.1:8080;
        proxy_read_timeout  90;
        proxy_redirect      http://127.0.0.1:8080 https://jenkins;
        proxy_http_version 1.1;
        proxy_request_buffering off;
        proxy_buffering off; # Required for HTTP-based CLI to work over SSL
        if ($http_x_forwarded_proto != "https") {
            rewrite ^(.*)$ https://$server_name$1 permanent;
        }
    }

输出:

https://jenkins/computer
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
302 Found
Date: Tue, 21 Jul 2020 13:35:47 GMT
Location: http://jenkins:443/computer/
Server: nginx
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: keep-alive

造成这种情况的原因可能有哪些?

答案1

假设您要将 http 重定向到 https。这是我的配置:

upstream jenkins {
  server jenkins:8080 fail_timeout=10;
}

server {
  listen 80;
  server_name _;
  return 301 https://$host$request_uri;
}

server {
  listen 443 ssl;
  server_name _;

  # Add ssl related configs

  location / {

     client_max_body_size 200M;

     proxy_set_header        Host $host:$server_port;
     proxy_set_header        X-Real-IP $remote_addr;
     proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header        X-Forwarded-Proto $scheme;

     proxy_redirect          http:// https://;
     proxy_pass              http://jenkins;
  }
}

除此之外,jenkins 配置还使用服务器 https://... url 进行了更新

Jenkins -> Manage Jenkins -> Configure System -> Jenkins Location -> Jenkins URL

相关内容