Nginx

Nginx 在重寫期間從 Akamai 丟棄 HTTPS

  • April 20, 2018

Akamai 將 HTTPS 請求傳遞給 Nginx,Nginx 在執行重定向時從請求中刪除 HTTPS。以下是 curl 的結果:

$ curl -v -L https://oursite.com/life/facts-and-arguments/ 2>&1 | egrep "^(<|>) (Host:|Location:|Server:|GET|HTTP)"
> GET /life/facts-and-arguments/ HTTP/1.1
> Host: oursite.com
< HTTP/1.1 301 Moved Permanently
< Server: openresty/1.13.6.1
< Location: http://oursite.com/life/first-person/ #Extra hop we're trying to avoid
> GET /life/first-person/ HTTP/1.1 
> Host: oursite.com
< HTTP/1.1 301 Moved Permanently
< Server: AkamaiGHost
< Location: https://oursite.com/life/first-person/
> GET /life/first-person/ HTTP/1.1
> Host: oursite.com
< HTTP/1.1 200 OK
< Server: openresty/1.13.6.1

有沒有辦法讓 Nginx 在執行重定向時保留 HTTPS,這樣它就不會經過這個額外的躍點?我試過類似這樣的配置:謝謝!

location ~ ^(?!(/a/|/b/|/c/))(([^.]*[^/]))$ {
   proxy_set_header X-Forwarded-Proto https;
   proxy_set_header Host $host;
   set $redir_location $http_x_forwarded_proto://$host;
   rewrite ^(?!(/a/|/b/|/c/))(([^.]*[^/]))$ $redir_location$2/ permanent;
   }

該 nginx 配置塊與您的網址不匹配。[^/]$意味著 url 不應該以斜杠結尾,你的。http:來自您的最終應用程序,可能不是來自 nginx 。

一個旁注。不要重定向到,$http_x_forwarded_proto://$host因為您不知道是否$http_x_forwarded_proto已設置。這部分是 CDN 的責任,他們應該編輯Location您返回的 HTTP 30x。簡單地製作它$scheme://$host$2

引用自:https://serverfault.com/questions/908776