使用ssl的nginx重定向循环 [英] nginx redirect loop with ssl

问题描述

这与> Nginx配置导致无限重定向循环，但是这种讨论还没有使我找到答案.我正在学习如何使用nginx和ssl，并且一切在正常的http://example.com方面都能正常运行，但是当路由到https://example.com/admin时，我会看到:

This is a very similar problem to Nginx configuration leads to endless redirect loop but that discussion has not led me to an answer yet. I'm learning how to work with nginx and ssl and everything works perfectly on the regular http:// example.com side of things, but when routing to the https:// example.com/admin I instead see:

此网页具有重定向循环

This webpage has a redirect loop

这是我的配置文件:

map $uri $example_org_preferred_proto {
        default "http";
        ~^/(images|css|javascript)/ "none";
        ~^/admin/ "https";
}

server {
    listen 80;
    root /usr/share/nginx/www/example.com/blog;

    server_name example.com;
        if ($example_org_preferred_proto = "https")
            return 301 https://example.com$request_uri;
        }

    location ~ / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:2368;
    }

}

server {
    listen 443;
    ssl on;
    root /usr/share/nginx/www/example.com/blog;

    server_name example.com;
    ssl_certificate /usr/share/nginx/<redacted>.crt;
    ssl_certificate_key /usr/share/nginx/<redacted>.key;
    if ($example_org_preferred_proto = "http") {
        return 301 http://example.com$request_uri;
    }

    location ~ / {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:2368;
    }


}

基本上，我要完成的工作是正常运行未加密的网站，但是当我指向管理页面时，浏览器将重定向到https并加密我的登录信息.

Basically what I want to accomplish is having a site that normally runs unencrypted, but when I point to my admin page the browser redirects to https and encrypts my login.

注意:映射想法来自 http://www.redant.com.au/ruby-on-rails-devops/manage-ssl-redirection-in-nginx-using-maps-and -save-the-universe/，似乎比使用重写更好的方法

Note: the mapping idea came from http://www.redant.com.au/ruby-on-rails-devops/manage-ssl-redirection-in-nginx-using-maps-and-save-the-universe/ and seems like a much better approach than using rewrite

推荐答案

当nginx遇到https协议时，它认为它仍在使用http作为协议，并且未与其余标头一起转发，请尝试添加:

When nginx encounters a https protocol it thinks it is still using http as the protocol and is not being forwarded with the rest of the headers, try adding:

proxy_set_header        X-Forwarded-Proto $scheme;

在您所在的位置

进行修复.

in your location blocks to fix it.

这篇关于使用ssl的nginx重定向循环的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！