SSL 終止 Nginx + 後端 Nginx 不工作(在 HTTPS 中獲取混合內容結果)
我從本教程https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination設置了 2 個 nginx 網路伺服器
問題是,一個通過 SSL 的簡單測試 php 頁面載入得很好,但是當我嘗試安裝一些 PHP 應用程序(如 Moodle)時,我收到混合內容警告並且 UI 已損壞..(一些在 HTTP 模式下,一些在 HTTPS 模式下, ETC…)
如何在所有 HTTPS 中載入所有內容(修復混合內容)?
這是前端 SSL Nginx 配置:
# File: \etc\nginx\sites-available\main.big.vm upstream mainBigVm { server main.big.vm:80; } server { listen 80; listen 443 ssl; ssl on; ssl_certificate /etc/nginx/cert.crt; ssl_certificate_key /etc/nginx/cert.key; server_name main.big.vm; location / { proxy_pass http://mainBigVm; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
這是後端 Nginx 配置(在伺服器 main.big.vm 中):
# File: \etc\nginx\sites-available\default server { listen 80 default_server; listen [::]:80 default_server; root /var/www/html; index index.html index.htm index.nginx-debian.html index.php; server_name _; location / { try_files $uri $uri/ =404; } location ~ \.php$ { fastcgi_pass unix:/var/run/php5217-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } }
更新 170430-1
我已經在前端嘗試了建議的配置,但仍然無法正常工作。
upstream mainBigVm { server main.big.vm:80; } #suggestion server { listen 80; location / { return 301 https://$host$request_uri; } } server { listen 80; listen 443 ssl; ssl on; ssl_certificate /etc/nginx/cert.crt; ssl_certificate_key /etc/nginx/cert.key; server_name main.big.vm; location / { proxy_pass http://mainBigVm; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
更新 170501-1
我也注意到了一個奇怪的行為。如果我鍵入帶有結尾斜杠的 HTTPS URL,則會載入 URL,但如果我鍵入沒有結尾斜杠,則 URL 會以某種方式轉換為帶有自動添加的結尾斜杠的 HTTP
最後我得到了這個工作。我發現我關於使用 Apache 的 SSL nginx-reverse 代理的舊筆記需要這個配置
# file \apps\httpd\2225\conf.d\nginx-reverse-proxy.conf # Make sure mod_env is loaded. # This make sure variable _SERVER[HTTPS] is set if using Nginx as reverse proxy for Apache # This will help some application to work, since many apps using _SERVER[HTTPS] to work with SSL # Make sure Nginx has config: proxy_set_header X-Forwarded-Proto $scheme; SetEnvIf X-Forwarded-Proto https HTTPS=on
因為我使用的是 Nginx 後端,所以我得到了這個配置來測試:
location ~ \.php$ { fastcgi_pass unix:/var/run/php5217-fpm.sock; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; fastcgi_param HTTPS 'on'; # I tested by adding this line to check }
它工作正常,現在我的 Moodle 在 HTTPS 前端(css、js、圖像等)中載入得很好。現在我只需要一個類似於 Apache 的 Nginx 配置,
SetEnvIf X-Forwarded-Proto https HTTPS=on
或者確保我所有的後端每次都在 SSL 上執行**更新 170502:**我在這裡得到了這個例子https://stackoverflow.com/questions/4848438/fastcgi-application-behind-nginx-is-unable-to-detect-that-https-secure-connectio