这是一个 Docker 容器,NGINX 和 Jenkins 位于同一容器中,使用 Supervisord 运行。Docker 容器在 AWS ECS 中的 ELB 后面运行。
NGINX 应该将流量从 http://jenkins 转发到 https://jenkins。
实际情况是这样的:
https://jenkins/computer/ --> 转到 https ✅
https://jenkins/computer --> 转到 http 和端口 443 ❌
配置:
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
root /var/www/;
index index.html index.htm;
client_max_body_size 10M;
server_name jenkins;
ignore_invalid_headers off;
location / {
allow vpnip/32;
deny all;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# Fix the "It appears that your reverse proxy set up is broken" error.
proxy_pass http://127.0.0.1:8080;
proxy_read_timeout 90;
proxy_redirect http://127.0.0.1:8080 https://jenkins;
proxy_http_version 1.1;
proxy_request_buffering off;
proxy_buffering off; # Required for HTTP-based CLI to work over SSL
if ($http_x_forwarded_proto != "https") {
rewrite ^(.*)$ https://$server_name$1 permanent;
}
}
输出:
https://jenkins/computer
DNT: 1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_4)
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-Dest: document
302 Found
Date: Tue, 21 Jul 2020 13:35:47 GMT
Location: http://jenkins:443/computer/
Server: nginx
X-Content-Type-Options: nosniff
Content-Length: 0
Connection: keep-alive
造成这种情况的原因可能有哪些?
答案1
假设您要将 http 重定向到 https。这是我的配置:
upstream jenkins {
server jenkins:8080 fail_timeout=10;
}
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name _;
# Add ssl related configs
location / {
client_max_body_size 200M;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect http:// https://;
proxy_pass http://jenkins;
}
}
除此之外,jenkins 配置还使用服务器 https://... url 进行了更新
Jenkins -> Manage Jenkins -> Configure System -> Jenkins Location -> Jenkins URL