如何处理nginx反向代理https到http方案重定向 [英] how to handle nginx reverse proxy https to http scheme redirect

问题描述

我已经在托管jenkins和其他一些应用程序的ubuntu实例上将nginx设置为反向代理.我正在使用nginx根据相对路径路由到各种应用程序.从客户端到nginx的所有流量都是通过https进行的.在防火墙后面，nginx将所有内容通过http路由到配置的路径和端口号.看起来像这样:

I have set up nginx as a reverse proxy on an ubuntu instance that is hosting jenkins, and a few other applications. I'm using nginx to route to the various applications based on a relative path. All traffic from the client to nginx is over https. Behind the firewall, nginx routes everything over http to the configured path and port numbers. It looks something like this:

              firewall
                |
                |
--->https--->nginx---http--->jenkins
                |
                |

nginx配置文件的相关部分是这样的:

The relevant part of the nginx config file is this:

server {

    listen 443 ssl;

    ssl_certificate cert.crt;
    ssl_certificate_key cert.key;
    ssl_session_cache builtin:1000 shared:SSL:10m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
    ssl_prefer_server_ciphers on;


    location /jenkins {

            proxy_set_header Host $http_host;
            proxy_set_header X-NginX-Proxy true;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            proxy_pass http://127.0.0.1:6969;
    }

}

问题在于jenkins使用简单的身份验证，并且在成功登录后会发送302重定向. Nginx正确代理URL和端口，但不代理方案.因此，客户端遵循通过HTTP而不是https的重定向.然后，在浏览器中出现400错误:

The problem is that jenkins uses a simple authentication, and upon a successful login, it sends a 302 redirect. Nginx correctly proxies the url and port, but not the scheme. So the client follows the redirect over http, instead of https. In the browser I then get a 400 error:

400 Bad Request The plain HTTP request was sent to HTTPS port

我知道有一个方案变量:$ scheme.但是我不知道如何告诉nginx映射从jenkins到https的http重定向.我在stackoverflow上看到的所有示例似乎都针对稍微不同的情况.

I know that there is a scheme variable: $scheme. But I don't know how to tell nginx to map the http redirect from jenkins to https. All the examples I've looked at on stackoverflow seem to address slightly different situations.

推荐答案

我无法使用proxy-redirect，rewrite和return指令来实现我想要的行为.设置jenkins以使用https解决了该问题.

I was unable to use the proxy-redirect, rewrite and return directives to implement the behavior I was looking for. Setting up jenkins to use https solved the problem.

这篇关于如何处理nginx反向代理https到http方案重定向的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！