Ubuntu

SSL 終止 Nginx + 後端 Nginx 不工作(在 HTTPS 中獲取混合內容結果)

  • May 2, 2017

我從本教程https://www.digitalocean.com/community/tutorials/how-to-set-up-nginx-load-balancing-with-ssl-termination設置了 2 個 nginx 網路伺服器

問題是,一個通過 SSL 的簡單測試 php 頁面載入得很好,但是當我嘗試安裝一些 PHP 應用程序(如 Moodle)時,我收到混合內容警告並且 UI 已損壞..(一些在 HTTP 模式下,一些在 HTTPS 模式下, ETC…)

如何在所有 HTTPS 中載入所有內容(修復混合內容)?

這是前端 SSL Nginx 配置:

# File: \etc\nginx\sites-available\main.big.vm

upstream mainBigVm {
   server main.big.vm:80;
}

server {
   listen 80;

   listen 443 ssl;
   ssl on;
   ssl_certificate         /etc/nginx/cert.crt;
   ssl_certificate_key     /etc/nginx/cert.key;

   server_name main.big.vm;

   location / {
       proxy_pass http://mainBigVm;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
   }
}

這是後端 Nginx 配置(在伺服器 main.big.vm 中):

# File: \etc\nginx\sites-available\default

server {
   listen 80 default_server;
   listen [::]:80 default_server;

   root /var/www/html;

   index index.html index.htm index.nginx-debian.html index.php;

   server_name _;

   location / {
       try_files $uri $uri/ =404;
   }

   location ~ \.php$ {
       fastcgi_pass unix:/var/run/php5217-fpm.sock;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       include fastcgi_params;
   }
}

更新 170430-1

我已經在前端嘗試了建議的配置,但仍然無法正常工作。

upstream mainBigVm {
   server main.big.vm:80;
}

#suggestion
server {
   listen 80;
   location / {
       return 301 https://$host$request_uri;
   }
}

server {
   listen 80;

   listen 443 ssl;
   ssl on;
   ssl_certificate         /etc/nginx/cert.crt;
   ssl_certificate_key     /etc/nginx/cert.key;

   server_name main.big.vm;

   location / {
       proxy_pass http://mainBigVm;
       proxy_set_header Host $host;
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
   }
}

更新 170501-1

我也注意到了一個奇怪的行為。如果我鍵入帶有結尾斜杠的 HTTPS URL,則會載入 URL,但如果我鍵入沒有結尾斜杠,則 URL 會以某種方式轉換為帶有自動添加的結尾斜杠的 HTTP

最後我得到了這個工作。我發現我關於使用 Apache 的 SSL nginx-reverse 代理的舊筆記需要這個配置

# file \apps\httpd\2225\conf.d\nginx-reverse-proxy.conf

# Make sure mod_env is loaded.
# This make sure variable _SERVER[HTTPS] is set if using Nginx as reverse proxy for Apache
# This will help some application to work, since many apps using _SERVER[HTTPS] to work with SSL
# Make sure Nginx has config: proxy_set_header X-Forwarded-Proto $scheme;

SetEnvIf X-Forwarded-Proto https HTTPS=on

因為我使用的是 Nginx 後端,所以我得到了這個配置來測試:

location ~ \.php$ {
   fastcgi_pass unix:/var/run/php5217-fpm.sock;
   fastcgi_index index.php;
   fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
   include fastcgi_params;
   fastcgi_param HTTPS 'on'; # I tested by adding this line to check
}

它工作正常,現在我的 Moodle 在 HTTPS 前端(css、js、圖像等)中載入得很好。現在我只需要一個類似於 Apache 的 Nginx 配置,SetEnvIf X-Forwarded-Proto https HTTPS=on或者確保我所有的後端每次都在 SSL 上執行

**更新 170502:**我在這裡得到了這個例子https://stackoverflow.com/questions/4848438/fastcgi-application-behind-nginx-is-unable-to-detect-that-https-secure-connectio

引用自:https://serverfault.com/questions/847415