使用 HAProxy 的 SSL

tag-icon tag-icon php ssl reverse-proxy haproxy joomla
使用 HAProxy 的 SSL

使用 Haproxy 时遇到一个奇怪的问题。我使用它来为几个 Joomla 网站建立前端 SSL 连接,但这些网站似乎没有在 https 前端上进行接收,这导致了 javascript 错误。

我的 haproxy 配置中的相关部分:

frontend http-in
    bind *:80
acl is_abc hdr_end(host) -i abc.com

use_backend abc if is_abc

frontend https-in
bind :443 ssl crt certificate.pem crt /var/certs/servers
reqadd Front-End-Https:\ On
reqadd X-Forwarded-Proto:\ https
acl is_abc hdr_end(host) -i abc.com

use_backend abc if is_abc

backend abc
    server server1 127.0.0.1:3005 maxconn 256

错误:

[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?widgetkit-78a9e32a-f1c60388.css.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/modules/mod_improved_ajax_login/cache/104/4d0e5494cd3301a33bf43f728df81fa4.css.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?jquery.min-76ad7381.js.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?jquery-noconflict-34838beb.js.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?widgetkit-2dd271e3-966774a7.js.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?mootools-core-9fef18a6.js.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?core-aac38065.js.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?mootools-more-02252ddc.js.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?template-b04b0958.css.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?template-2188c767.js.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/templates/yoo_showroom/warp/js/search.js.
 /:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?widgetkit-78a9e32a-f1c60388.css.
 abc.com:16
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/modules/mod_improved_ajax_login/cache/104/4d0e5494cd3301a33bf43f728df81fa4.css.
 abc.com:17
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?jquery.min-76ad7381.js.
 abc.com:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?jquery-noconflict-34838beb.js.
 abc.com:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?widgetkit-2dd271e3-966774a7.js.
 abc.com:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?mootools-core-9fef18a6.js.
 abc.com:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?core-aac38065.js.
 abc.com:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?mootools-more-02252ddc.js.
 abc.com:1
Uncaught TypeError: Object [object global] has no method 'addEvent' abc.com:25
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?template-b04b0958.css.
 abc.com:39
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/cache/template/gzip.php?template-2188c767.js.
 abc.com:1
[blocked] The page at https//abc.com/ ran insecure content from http//abc.com/templates/yoo_showroom/warp/js/search.js.
 abc.com:1
Uncaught ReferenceError: jQuery is not defined abc.com:68
The page at https//abc.com/ displayed insecure content from http//abc.com/modules/mod_improved_ajax_login/themes/elegant/images/arrow.png.
 abc.com:84
The page at https//abc.com/ displayed insecure content from http//abc.com/modules/mod_improved_ajax_login/themes/elegant/images/arrow.png.
 abc.com:89
The page at https//abc.com/ displayed insecure content from http//abc.com/modules/mod_improved_ajax_login/themes/elegant/images/x.png.
 abc.com:100
The page at https//abc.com/ displayed insecure content from http//abc.com/modules/mod_improved_ajax_login/themes/elegant/images/refresh.png.
 abc.com:183
The page at https//abc.com/ displayed insecure content from http//abc.com/images/yootheme/demo/slideshow/slide1.jpg.
 abc.com:229
The page at https//abc.com/ displayed insecure content from http//abc.com/cache/widgetkit/gallery/19/R0010073-1e7e167369.jpg.

答案1

查看了传递给应用程序的标题并找到处理它们的 joomla 库后,以下修复有效。

在 libraries/joomla/uri/uri.php 文件中添加了对“Front-End-Https”请求标头的检查:

更改:

                            if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off'))
                            {
                                    $https = 's://';
                            }
                            else
                            {
                                    $https = '://';
                            }

到:

                            if (isset($_SERVER['HTTPS']) && !empty($_SERVER['HTTPS']) && (strtolower($_SERVER['HTTPS']) != 'off'))
                            {
                                    $https = 's://';
                            }
                            elseif (isset($_SERVER['HTTP_FRONT_END_HTTPS']) && !empty($_SERVER['HTTP_FRONT_END_HTTPS']) && (strtolower($_SERVER['HTTP_FRONT_END_HTTPS']) == 'on'))

                            {

                                    $https = 's://';
                            }
                            else
                            {
                                    $https = '://';
                            }

相关内容