公司项目需要将http升级到https,前端地址本来是http://ip:port 后端接口地址为http://ip:port/login

错误配置

server {
    listen           443 ssl;
    
    ssl_certificate    /usr/share/nginx/crt/server.crt;
    ssl_certificate_key  /usr/share/nginx/crt/server.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
 
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /usr/share/nginx/html;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        add_header Content-Security-Policy upgrade-insecure-requests;

    }
    
    location /xxxx {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Content-Security-Policy upgrade-insecure-requests;
        proxy_pass http://ip:port/;
    }
    
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
    
    location /file {
        alias   /var/file;
    }
}

后端接口代理到www.域名.com/xxxx     登录 验证码接口报错401,排查许久,一开始以为是代理后security放行规则需要改?后排查得知 location /xxxx需要再后面再加一个斜杠 location /xxxx/

正确配置

server {
    listen           443 ssl;
    
    ssl_certificate    /usr/share/nginx/crt/server.crt;
    ssl_certificate_key  /usr/share/nginx/crt/server.key;

    ssl_session_cache    shared:SSL:1m;
    ssl_session_timeout  5m;
 
    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        root   /usr/share/nginx/html;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        add_header Content-Security-Policy upgrade-insecure-requests;

    }
    
    location /xxxx/ {
        proxy_set_header Host $http_host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header REMOTE-HOST $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        add_header Content-Security-Policy upgrade-insecure-requests;
        proxy_pass http://ip:port/;
    }
    
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   html;
    }
    
    location /file {
        alias   /var/file;
    }
}

# java # nginx
Logo
魔乐社区

魔乐社区(Modelers.cn) 是一个中立、公益的人工智能社区,提供人工智能工具、模型、数据的托管、展示与应用协同服务,为人工智能开发及爱好者搭建开放的学习交流平台。社区通过理事会方式运作,由全产业链共同建设、共同运营、共同享有,推动国产AI生态繁荣发展。

更多推荐

cover

魔乐社区虾王挑战赛 · OpenClaw虾客松正式启动!

avatar 魔乐社区
cover

「极限压缩 量化未来」Modelers GeekDay上海站圆满落幕

avatar 魔乐社区
cover

量化挑战赛冠军专访:4小时啃下W4A8量化,我靠的是这些经验

avatar 魔乐社区