nginx反向代理链:将http重定向到https
一台 nginx 服务器暴露在互联网上并重定向流量。 第二个 nginx 服务器仅在内部可用并侦听端口 6880(bookstack(wiki)通过 docker 托管)。
在本地网络中,所有内容均未加密,而对于外部网络,仅通过端口 443 的 https 可用。
该应用程序(bookstack)在本地网络(http)中运行良好。 从外部通过https访问应用程序时,会显示页面,但所有链接都是http而不是https。 (例如,http://.../logo.png 位于登录页面的源代码中,但 https://.../logo.png 会正确。)
在哪里以及如何切换到 https?
第一个服务器启用了站点/bookstack(已包含到 https 的重定向):
server {
listen 80;
server_name bookstack.example.org;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name bookstack.example.org;
ssl_certificate /etc/letsencrypt/live/<...>/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/<...>/privkey.pem;
location / {
try_files index index.html $uri $uri/index.html $uri.html @bookstack;
}
location @bookstack {
proxy_redirect off;
proxy_set_header X-FORWARDED_PROTO https;
proxy_set_header Host bookstack.example.org;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://<internal ip>:6880;
}
}
第二个服务器启用了站点/bookstack:
server {
listen 80;
listen [::]:80;
server_name bookstack.example.org;
index index.html index.htm index.nginx-debian.html index.php;
location / {
proxy_pass http://<local docker container ip>:6880;
proxy_redirect off;
}
}
docker 容器还部署了自己的 nginx 配置,但我还没碰过那个。
one nginx server is exposed to the internet and redirects the traffic.
A second nginx server is only available internally and listens to port 6880 (bookstack (a wiki) is hosted via docker).
In the local network, everything is unencrypted, while to the outside only https via port 443 is available.
The application (bookstack) works fine in the local network (http).
When accessing the application from the outside via https, the page is displayed, but all links are http instead of https. (For example, http://.../logo.png is in the login page's source code, but https://.../logo.png would be correct.)
Where and how do i switch to https?
First server sites-enabled/bookstack (already contains the redirect to https):
server {
listen 80;
server_name bookstack.example.org;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name bookstack.example.org;
ssl_certificate /etc/letsencrypt/live/<...>/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/<...>/privkey.pem;
location / {
try_files index index.html $uri $uri/index.html $uri.html @bookstack;
}
location @bookstack {
proxy_redirect off;
proxy_set_header X-FORWARDED_PROTO https;
proxy_set_header Host bookstack.example.org;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass http://<internal ip>:6880;
}
}
Second server sites-enabled/bookstack:
server {
listen 80;
listen [::]:80;
server_name bookstack.example.org;
index index.html index.htm index.nginx-debian.html index.php;
location / {
proxy_pass http://<local docker container ip>:6880;
proxy_redirect off;
}
}
The docker container also deploys its own nginx config, but i didn't touch that one yet.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(1)
我解决了这个问题。上面的 nginx 设置应该可以工作。问题在于 docker 容器仍然使用错误的 APP_URL。运行 artisan 更新脚本 (bookstackapp.com/docs/admin/commands) 还不够,但重新安装 docker 容器就可以了。
I solved the problem. Above nginx settings should work. The issue was with the docker container still using the wrong APP_URL. Running the artisan update script (bookstackapp.com/docs/admin/commands) did not suffice, but reinstalling the docker container did it.