Ubuntu
Atlassian Crowd + Nginx + SSL 設置不工作 - 重定向循環
nginx配置:
server { listen 443 ssl; server_name crowd.example.com; access_log off; client_max_body_size 10M; ssl_certificate /etc/nginx/ssl/crowd.example.com.crt; ssl_certificate_key /etc/nginx/ssl/crowd.example.com.key; location / { proxy_pass http://localhost:8095/; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $remote_addr; port_in_redirect off; proxy_redirect https://crowd.example.com/ /; } }
來自其 server.xml 的人群相關部分:
<Service name="Catalina"> <Connector acceptCount="100" connectionTimeout="20000" disableUploadTimeout="true" enableLookups="false" maxHttpHeaderSize="8192" maxThreads="150" minSpareThreads="25" port="8095" redirectPort="8443" useBodyEncodingForURI="true" URIEncoding="UTF-8" proxyName="crowd.example.com" proxyPort="443" scheme="https" secure="true"/> <Engine defaultHost="localhost" name="Catalina"> <Host appBase="webapps" autoDeploy="true" name="localhost" unpackWARs="true"/> </Engine> <Connector port="8009" enableLookups="false" redirectPort="8443" protocol="AJP/1.3" /> </Service>
這是我的 crowd.properties:
session.lastvalidation=session.lastvalidation session.tokenkey=session.tokenkey crowd.server.url=http\://localhost\:8095/crowd/services/ application.name=crowd http.timeout=30000 session.isauthenticated=session.isauthenticated application.login.url=http\://localhost\:8095/crowd session.validationinterval=0 application.password=fslLXYfj9DehGTmGjLqZbX
登錄後轉到https://crowd.example.com/crowd會導致重定向循環。您可以到達登錄頁面。(此外,https: //crowd.example.com/ 也有效。)在 FF 中使用 Firebug 觀察它,我發現它在https://crowd.commercialfire.com/crowd/console/login.action和 https 之間搖擺不定: //crowd.commercialfire.com/crowd/console/defaultstartpage.action。
假設 nginx 在同一台機器上,在 nginx 上嘗試這個代理配置:
location / { proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Server $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_pass http://127.0.0.1:8095/; proxy_redirect off; proxy_connect_timeout 300; }
並添加
address="127.0.0.1"
到 server.xml 文件中的 Connector 定義(主要的帶有 proxyName)