版权声明:本文为博主原创文章,未经博主允许不得转载。 https://blog.csdn.net/diyiday/article/details/83376857
前言:
目前我公司使用的服务器架构为前台为nginx反向代理,后端为单台web服务器或者集群,目前的配置是这样的,nginx反向代理配置了,http和https通道,但是后端服务器配置为http通道。
平时没有什么大问题,后来用户访问网站的时候,访问https,发现代码中引用的url为http,因此获取不到网页内容。
配置内容:
前台nginx反向代理配置
server {
listen 80;
server_name www.qq.com;
location / {
proxy_pass http://114.114.114.114:80;
include /conf.d/proxy-params.conf;
}
}
server {
listen 443 ssl http2;
server_name www.qq.com;
ssl_certificate /certs/www.qq.com.crt;
ssl_certificate_key /certs/www.qq.com.key;
include /conf.d/ssl_params.conf;
include /conf.d/headers.conf;
location / {
proxy_pass http://114.114.114.114:80;
include /conf.d/proxy-params.conf;
}
}
后台服务器配置如下:
server {
listen 80 default_server;
root "/app/www/";
# Php files
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm7.sock;
}
}
前台https
url引用内容为http
看出,前台服务器是走了https和http协议,但是后台服务器只走了http协议,
这样就导致前台访问https时,后台调用页面url时的还是http,当然这个可以用代码在强制控制,但是这个不是最根本处理办法,想要彻底处理这个问题,需要让后台服务器也支持https。这样才能从源头处理这个问题。
修改方案
前台服务ssl通道的配置也需要进行修改
server {
listen 443 ssl http2;
server_name www.qq.com;
ssl_certificate /certs/www.qq.com.crt;
ssl_certificate_key /certs/www.qq.com.key;
include /conf.d/ssl_params.conf;
include /conf.d/headers.conf;
location / {
proxy_pass https://114.114.114.114:443;
include /conf.d/proxy-params.conf;
}
}
把proxy_pass http://114.114.114.114:80; 修改为 proxy_pass https://114.114.114.114:443;
后台服务器的配置修改如下:
server {
listen 80 ;
server_name www.qq.com;
root "/app/www/";
# Php files
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm7.sock;
}
}
server {
listen 443 ssl http2;
server_name www.qq.com;
root "/app/www/";
ssl_certificate /app/www.qq.com.crt;
ssl_certificate_key /app/www.qq.com.key;
# Php files
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm7.sock;
}
}
支持前后台都是实现了http+https通道,调用url不统一的问题,就可以完美处理了、
