Apache-2.2
在 cloudflare 後面使用後網站陷入重定向循環
我的網站https://stage.issufy.com/,設置 ssl 後,我得到 302 重定向循環。這是htaccess文件
<IfModule mod_rewrite.c> <IfModule mod_negotiation.c> Options -MultiViews </IfModule> RewriteEngine On # Redirect Trailing Slashes If Not A Folder... RewriteCond %{REQUEST_FILENAME} !-d RewriteRule ^(.*)/$ /$1 [L,R=301] # Handle Front Controller... RewriteCond %{REQUEST_FILENAME} !-d RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ index.php [L] # Handle Authorization Header RewriteCond %{HTTP:Authorization} . RewriteRule .* - [E=HTTP_AUTHORIZATION:%{HTTP:Authorization}] </IfModule>
這是 http 的 Apache 配置:
<VirtualHost *:80> ServerName stage.issufy.com Redirect / https://stage.issufy.com DocumentRoot /var/www/html/stage.issufy.com <Directory "/var/www/html/stage.issufy.com"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined RewriteEngine on RewriteCond %{SERVER_NAME} =stage.issufy.com RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,QSA,R=permanent] </VirtualHost>
這是ssl配置:
<IfModule mod_ssl.c> <VirtualHost *:443> ServerName stage.issufy.com DocumentRoot /var/www/html/stage.issufy.com <Directory "/var/www/html/stage.issufy.com"> Options FollowSymLinks AllowOverride All Order allow,deny Allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log CustomLog ${APACHE_LOG_DIR}/access.log combined SSLCertificateFile /etc/letsencrypt/live/stage.issufy.com/fullchain.pem SSLCertificateKeyFile /etc/letsencrypt/live/stage.issufy.com/privkey.pem Include /etc/letsencrypt/options-ssl-apache.conf </VirtualHost> </IfModule>
網站在沒有 cloudfare 的情況下執行良好,但一旦啟用 cloudflare,就會出現 302 重定向錯誤。
這是錯誤日誌
172.68.51.31 - - [17/Jan/2017:18:24:18 +0000] "GET / HTTP/1.1" 302 539 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36" 172.68.51.31 - - [17/Jan/2017:18:24:18 +0000] "GET / HTTP/1.1" 302 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36" 172.68.51.31 - - [17/Jan/2017:18:24:18 +0000] "GET / HTTP/1.1" 302 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36" 172.68.51.31 - - [17/Jan/2017:18:24:19 +0000] "GET / HTTP/1.1" 302 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36" 172.68.51.31 - - [17/Jan/2017:18:24:19 +0000] "GET / HTTP/1.1" 302 539 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36" 172.68.51.31 - - [17/Jan/2017:18:24:19 +0000] "GET / HTTP/1.1" 302 538 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36" 172.68.51.31 - - [17/Jan/2017:18:24:20 +0000] "GET / HTTP/1.1" 302 539 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36" 172.68.51.31 - - [17/Jan/2017:18:24:20 +0000] "GET / HTTP/1.1" 302 539 "-" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Dragon/52.15.25.665 Chrome/52.0.2743.82 Safari/537.36"
如果您使用 Cloudflare 的靈活 SSL 產品 - 您的源 Web 伺服器將看到在埠 80 下未加密的流量。
為了解決這個問題,您有幾個選擇:
- 如果您的源支持,請將Cloudflare 的 SSL 模式設置為完整或完整(嚴格)。您甚至可以使用Cloudflare 的 Origin CA 服務為您的 Web 伺服器獲取免費的 SSL 證書。
- 為 Apache安裝 Mod_Cloudflare,這將確保 Cloudflare 透明地執行 - 包括正確記錄 IP 或更正 SSL 環境變數以考慮靈活 SSL。
- 將 Apache 設置為帳戶
X-Forwarded-Proto
(顯示使用者連接到 Cloudflare 的原因)。