Ubuntu

Atlassian Crowd + Nginx + SSL 設置不工作 - 重定向循環

  • August 7, 2014

nginx配置:

server {
       listen          443 ssl;
       server_name     crowd.example.com;
       access_log      off;

       client_max_body_size    10M;

       ssl_certificate         /etc/nginx/ssl/crowd.example.com.crt;
       ssl_certificate_key     /etc/nginx/ssl/crowd.example.com.key;

       location / {
               proxy_pass              http://localhost:8095/;
               proxy_set_header        Host            $host;
               proxy_set_header        X-Real-IP       $remote_addr;
               proxy_set_header        X-Forwarded-For $remote_addr;
               port_in_redirect        off;
               proxy_redirect          https://crowd.example.com/ /;
       }
}

來自其 server.xml 的人群相關部分:

<Service name="Catalina">

   <Connector
       acceptCount="100"
       connectionTimeout="20000"
       disableUploadTimeout="true"
       enableLookups="false"
       maxHttpHeaderSize="8192"
       maxThreads="150"
       minSpareThreads="25"
       port="8095"
       redirectPort="8443"
       useBodyEncodingForURI="true"
       URIEncoding="UTF-8"

       proxyName="crowd.example.com"
       proxyPort="443"
       scheme="https"
       secure="true"/>

   <Engine defaultHost="localhost" name="Catalina">
       <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"/>
   </Engine>

   <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" />
</Service>

這是我的 crowd.properties:

session.lastvalidation=session.lastvalidation
session.tokenkey=session.tokenkey
crowd.server.url=http\://localhost\:8095/crowd/services/
application.name=crowd
http.timeout=30000
session.isauthenticated=session.isauthenticated
application.login.url=http\://localhost\:8095/crowd
session.validationinterval=0
application.password=fslLXYfj9DehGTmGjLqZbX

登錄後轉到https://crowd.example.com/crowd會導致重定向循環。您可以到達登錄頁面。(此外,https: //crowd.example.com/ 也有效。)在 FF 中使用 Firebug 觀察它,我發現它在https://crowd.commercialfire.com/crowd/console/login.actionhttps 之間搖擺不定: //crowd.commercialfire.com/crowd/console/defaultstartpage.action

假設 nginx 在同一台機器上,在 nginx 上嘗試這個代理配置:

       location / {

         proxy_set_header X-Forwarded-Host $host;
         proxy_set_header X-Forwarded-Server $host;
         proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
         proxy_pass http://127.0.0.1:8095/;
         proxy_redirect off;
         proxy_connect_timeout 300;

   }

並添加address="127.0.0.1"到 server.xml 文件中的 Connector 定義(主要的帶有 proxyName)

引用自:https://serverfault.com/questions/618501