当前位置: 文江博客话题详情

301循环启用使用NGINX在NOPCommerce上的SSL 4.50

发布于 2025-01-19 04:14:13 字数 4700 浏览 4 评论 0原文

我有一个正在运行的 Nginx 安装,它已成功地通过 SSL 提供了 index.html,没有任何问题。

当我将其指向同一台计算机上的 nopCommerce 4.50 站点时,nopcommerce 站点现在可以使用 SSL。但是,页面上的所有链接以及资源仍然使用 http,并且 Firefox 会发出警告“此页面的部分内容不安全”。

为了尝试解决此问题,我更改了 url 并在 nop 设置中启用了 SSL。

当我这样做时,该网站现在无限地重定向到自身。例如,访问 https://mynopcommerce.com 将返回 301 重定向到 https://mynopcommerce.com。为了让网站再次运行,我必须在 nop 数据库中手动禁用 SSL。

我已按照 https://docs.nopcommerce.com/en/getting-started/advanced-configuration/how-to-install-and-configure-ssl-certification.html#troubleshooting

  • 我设置了“UseHttpXForwardedProto”在 appsettings.json 中设置为 true
  • 我已经清除了浏览器/服务器/代理 cookie 和缓存。
  • 我没有使用 cloudflare、dns 或除 nginx 之外的任何其他代理服务作为反向代理。

我的 nginx 服务器块:

server {
    listen 443 ssl;
    server_name mynopcommerce.com;

    ssl_certificate /etc/letsencrypt/live/mynopcommerce.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mynopcommerce.com/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
    location / {
        proxy_pass         http://nopcommerce_web; # DNS resolves name to nop server
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

我相信这可能与 nginx 处理 SSL 有关。并且在 nop 上启用 SSL 后,nop 和 nginx 之间的非 ssl 通信可能会使 nop 返回 301 到 https 版本的站点,而不知道它已经在上面了?

这是 1 个请求期间 nginx 和 nop 的日志。 (它循环这个直到出错)

nopcommerce_nginx      | [03/Apr/2022:21:07:00 +0000] "GET / HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0" "-"
nopcommerce_web        | {"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request starting HTTP/1.1 GET http://mynopcommerce.com/ - -","State":{"Message":"Request starting HTTP/1.1 GET http://mynopcommerce.com/ - -","Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"mynopcommerce.com","PathBase":"","Path":"/","QueryString":""}}
nopcommerce_web        | {"EventId":0,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executing endpoint \u0027Nop.Web.Controllers.HomeController.Index (Nop.Web)\u0027","State":{"Message":"Executing endpoint \u0027Nop.Web.Controllers.HomeController.Index (Nop.Web)\u0027","EndpointName":"Nop.Web.Controllers.HomeController.Index (Nop.Web)","{OriginalFormat}":"Executing endpoint \u0027{EndpointName}\u0027"}}
nopcommerce_web        | {"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Route matched with {action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.HomeController (Nop.Web).","State":{"Message":"Route matched with {action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.HomeController (Nop.Web).","RouteData":"{action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}","MethodInfo":"Microsoft.AspNetCore.Mvc.IActionResult Index()","Controller":"Nop.Web.Controllers.HomeController","AssemblyName":"Nop.Web","{OriginalFormat}":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName})."}}
nopcommerce_web        | {"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Authorization failed for the request at filter \u0027Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter\u0027.","State":{"Message":"Authorization failed for the request at filter \u0027Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter\u0027.","AuthorizationFilter":"Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter","{OriginalFormat}":"Authorization failed for the request at filter \u0027{AuthorizationFilter}\u0027."}}
原文

I have a working Nginx installation that has successfully served an index.html with SSL with no problems.

When I point it toward my nopCommerce 4.50 site on the same machine, the nopcommerce site now works with SSL. However, all links on the page as well as resources still use http and firefox gives a warning that "Parts of this page are not secure"

To attempt to fix that, I have changed the url and enabled SSL in the nop settings.

When I did that, the site now infinitely redirects to itself. For instance, accessing https://mynopcommerce.com returns a 301 redirecting to https://mynopcommerce.com. To get the site working again, I have to manually disable SSL in the nop database.

I have tried all fixes for this issue as suggested by https://docs.nopcommerce.com/en/getting-started/advanced-configuration/how-to-install-and-configure-ssl-certification.html#troubleshooting

  • I have set "UseHttpXForwardedProto" to true in the appsettings.json
  • I have cleared browser/server/proxy cookies and cache.
  • I am not using cloudflare, dns, or any other proxy services other than nginx as the reverse proxy.

My nginx server block:

server {
    listen 443 ssl;
    server_name mynopcommerce.com;

    ssl_certificate /etc/letsencrypt/live/mynopcommerce.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mynopcommerce.com/privkey.pem;

    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
    
    location / {
        proxy_pass         http://nopcommerce_web; # DNS resolves name to nop server
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

I believe it might be related to the fact that nginx is handling SSL. And with SSL enabled on nop, the non-ssl communication between nop and nginx may make nop return a 301 to the https version of the site, not knowing that it's already on it?

This is the log from nginx and nop during 1 request. (It loops this until error)

nopcommerce_nginx      | [03/Apr/2022:21:07:00 +0000] "GET / HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:98.0) Gecko/20100101 Firefox/98.0" "-"
nopcommerce_web        | {"EventId":1,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Hosting.Diagnostics","Message":"Request starting HTTP/1.1 GET http://mynopcommerce.com/ - -","State":{"Message":"Request starting HTTP/1.1 GET http://mynopcommerce.com/ - -","Protocol":"HTTP/1.1","Method":"GET","ContentType":null,"ContentLength":null,"Scheme":"http","Host":"mynopcommerce.com","PathBase":"","Path":"/","QueryString":""}}
nopcommerce_web        | {"EventId":0,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Routing.EndpointMiddleware","Message":"Executing endpoint \u0027Nop.Web.Controllers.HomeController.Index (Nop.Web)\u0027","State":{"Message":"Executing endpoint \u0027Nop.Web.Controllers.HomeController.Index (Nop.Web)\u0027","EndpointName":"Nop.Web.Controllers.HomeController.Index (Nop.Web)","{OriginalFormat}":"Executing endpoint \u0027{EndpointName}\u0027"}}
nopcommerce_web        | {"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Route matched with {action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.HomeController (Nop.Web).","State":{"Message":"Route matched with {action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}. Executing controller action with signature Microsoft.AspNetCore.Mvc.IActionResult Index() on controller Nop.Web.Controllers.HomeController (Nop.Web).","RouteData":"{action = \u0022Index\u0022, controller = \u0022Home\u0022, area = \u0022\u0022}","MethodInfo":"Microsoft.AspNetCore.Mvc.IActionResult Index()","Controller":"Nop.Web.Controllers.HomeController","AssemblyName":"Nop.Web","{OriginalFormat}":"Route matched with {RouteData}. Executing controller action with signature {MethodInfo} on controller {Controller} ({AssemblyName})."}}
nopcommerce_web        | {"EventId":3,"LogLevel":"Information","Category":"Microsoft.AspNetCore.Mvc.Infrastructure.ControllerActionInvoker","Message":"Authorization failed for the request at filter \u0027Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter\u0027.","State":{"Message":"Authorization failed for the request at filter \u0027Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter\u0027.","AuthorizationFilter":"Nop.Web.Framework.Mvc.Filters.HttpsRequirementAttribute\u002BHttpsRequirementFilter","{OriginalFormat}":"Authorization failed for the request at filter \u0027{AuthorizationFilter}\u0027."}}

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(3

何以畏孤独 2025-01-26 04:14:13

从 4.50 版本开始,nopCommerce 更改了此 API。您应该使用 appSettings.json 文件中的 UseProxy 选项(设置为 true 值),而不是 UseHttpXForwardedProto

Since version 4.50, nopCommerce has changed this API. You should use the UseProxy option (set to true value) in appSettings.json file instead of the UseHttpXForwardedProto.

回复 原文
白云不回头 2025-01-26 04:14:13

您可以清除 ForwardedHeadersOptions 中的 KnownNetworks 和 KnownProxies 或将 ASPNETCORE_FORWARDEDHEADERS_ENABLED 设置为 true ,以执行 相同。查看更多此处。这个答案也可以提供帮助。

You can clear KnownNetworks and KnownProxies in ForwardedHeadersOptions or set ASPNETCORE_FORWARDEDHEADERS_ENABLED to true that does the same. See more here. This answer also can help.

回复 原文
旧时模样 2025-01-26 04:14:13

有很多事情可能会导致这个问题,但我想指出一个违反直觉的特定修复(以及我在 Traefik 后面运行 nopCommerce 4.7.3 时遇到的问题:

当使用终止 SSL 连接的反向代理时并通过 HTTP 连接到后端,您需要将 UseProxy 设置为“true”并保留 KnownProxies 空白如果您在此配置中的 KnownProxies 中放置一个值,则该网站将表现得需要提供自己的 https 内容并导致无限循环的重定向。这

是我的 appsettings.json 中的相关部分供参考:

"HostingConfig": {
  "UseProxy": true,
  "ForwardedProtoHeaderName": null,
  "ForwardedForHeaderName": null,
  "KnownProxies": "",
  "KnownNetworks": ""
},

我在这个答案<的倒数第二段中找到了关键信息。 /a>

There are quite a few things that can cause this issue, but I want to point out one particular fix that's counter-intuitive (and the problem I had running nopCommerce 4.7.3 behind Traefik:

When using a reverse-proxy that terminates the SSL connection and connects to the backend via HTTP, you need to set UseProxy to "true" and leave KnownProxies blank in appsettings.json. If you put a value in KnownProxies in this configuration, the site will act like it needs to serve its own https content and cause an endless loop of redirects.

Here's the relevant section from my appsettings.json for reference:

"HostingConfig": {
  "UseProxy": true,
  "ForwardedProtoHeaderName": null,
  "ForwardedForHeaderName": null,
  "KnownProxies": "",
  "KnownNetworks": ""
},

I found the key piece of information in the second-to-last paragraph of this answer

回复 原文
~没有更多了~

关于作者

〃温暖了心ぐ

暂无简介

文章
评论
26 人气
发私信

相关话题

更多

热门标签

操作系统 程序设计 IT运维 Linux系统管理 JavaScript 服务器应用 solaris C/C++ PHP Shell BSD Vue.js aix Oracle Python HTML 系统管理 HTML5 CSS 前端
更多

推荐作者

alipaysp_snBf0MSZIv

文章 0 评论 0

梦断已成空

文章 0 评论 0

瞎闹

文章 0 评论 0

凯凯我们等你回来

文章 0 评论 0

寄意

文章 0 评论 0

似梦非梦

文章 0 评论 0

更多

友情链接

文江博客
    我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
    原文