Apache-2.2

Nginx 不通過 HTTPS 提供靜態文件

  • August 8, 2014

我正在嘗試在 Apache 前面設置 Nginx 作為反向代理並提供靜態文件。我 301 http 到 https,並在 https 部分提供指令以通過別名提供靜態文件夾。但是,由於某些奇怪的原因,這些文件是通過 http 提供的。

這是我的 Nginx 站點配置:

   server {
           listen   80; 
           listen   [::]:80;
           access_log off;
           server_name site.com www.site.com;
           return 301 https://$server_name$request_uri;

       }

   server {
           listen   443;
           ssl on;

           ssl_certificate /usr/local/sslcert/my.crt;
           ssl_certificate_key /usr/local/sslcert/my.key;

           access_log off;
           server_name site.com www.site.com;


           location /public/ {
           alias /var/www/public/;
           expires max;
           add_header Pragma public;
           add_header Cache-Control "public";
           }


           location / {

           root /var/www/;
           index index.php

           client_max_body_size    10m;
           client_body_buffer_size 128k;

           proxy_send_timeout   90;
           proxy_read_timeout   90;
           proxy_buffer_size    128k;
           proxy_buffers     4 256k;
           proxy_busy_buffers_size 256k;
           proxy_temp_file_write_size 256k;
           proxy_connect_timeout 30s;

           proxy_redirect  off;

           proxy_pass   http://127.0.0.1:3333/;

           proxy_set_header   Host   $host;
           proxy_set_header   X-Real-IP  $remote_addr;
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
           }



           location /push {
           root /var/www/;
           rewrite /push(.*) /$1 break;
           proxy_pass https://127.0.0.1:8332/push/;
           proxy_redirect off;
           proxy_set_header Host $host;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           }

            location ~ /\.ht {
                   deny all;
           }
   }

我錯過了什麼?

所以問題實際上與 Zend Framework Ba​​seUrl 設置有關。我已將其刪除,現在一切正常。

這可能不是問題的實際原因,但無論如何都會造成困難。

您正在使用root內部位置塊,一般情況下效果不佳。

試試這個配置:

server {
       listen   80; 
       listen   [::]:80;
       access_log off;
       server_name site.com www.site.com;
       return 301 https://$server_name$request_uri;
}

server {
       listen 443 ssl;
       listen [::]:443 ssl;

       ssl_certificate /usr/local/sslcert/my.crt;
       ssl_certificate_key /usr/local/sslcert/my.key;

       access_log off;
       server_name site.com www.site.com;

       root /var/www;

       location /public/ {
           expires max;
           add_header Pragma public;
           add_header Cache-Control "public";
       }

       location / {
           index index.php

           client_max_body_size    10m;
           client_body_buffer_size 128k;

           proxy_send_timeout   90;
           proxy_read_timeout   90;
           proxy_buffer_size    128k;
           proxy_buffers     4 256k;
           proxy_busy_buffers_size 256k;
           proxy_temp_file_write_size 256k;
           proxy_connect_timeout 30s;

           proxy_redirect  off;

           proxy_pass   http://127.0.0.1:3333/;

           proxy_set_header   Host   $host;
           proxy_set_header   X-Real-IP  $remote_addr;
           proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       }

       location /push {
           rewrite ^/push(.*) /$1 break;
           proxy_pass https://127.0.0.1:8332/push/;
           proxy_redirect off;
           proxy_set_header Host $host;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       }

        location ~ /\.ht {
               deny all;
       }
}

變化:

  • 將 ssl 定義移至監聽行
  • 將 IPv6 添加到 SSL 部分
  • root將指令移至伺服器級別
  • 從位置塊中刪除了不需要的aliasroot定義,伺服器級root指令涵蓋了這些
  • ^在推送rewrite規則中添加了行首。

引用自:https://serverfault.com/questions/616113