我在使用HTTP和HTTPS的开发环境中使用Docker的Nginx,这是配置:
listen 80;
listen 443 ssl;
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Real-IP;
real_ip_recursive on;
location / {
try_files $uri @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/(app|app_dev|app_test|config)\.php(/|$) {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS $https;
}
我想在本地环境中测试HTTP和HTTPS,但是在生产环境中,我前面有一个Nginx反向代理:upstream app_upstream {
server app:80;
}
server {
server_name $APP_DOMAIN;
listen 443 ssl;
ssl_certificate /run/secrets/app_cert.pem;
ssl_certificate_key /run/secrets/app_key.pem;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://app_upstream;
}
}
我希望反向代理接受唯一的HTTPS并转发到应用程序nginx,但是我后面的PHP应用程序正在接收$ _SERVER ['HTTPS'] =“”我还希望仅在反向代理上保留SSL证书,如何将HTTPS从反向代理传递到Nginx到PHP?
最佳答案
HTTPS
变量设置为$https
(根据与后端服务器的连接设置(始终为HTTP)设置,但您希望根据转发的连接进行设置。
您可以使用X-Forwarded-Proto
header 通过HTTPS
设置map
变量。例如:
map $http_x_forwarded_proto $https_flag {
default off;
https on;
}
server {
...
location ~ ^/(app|app_dev|app_test|config)\.php(/|$) {
...
fastcgi_param HTTPS $https_flag;
...
}
}
有关更多信息,请参见this document。
关于nginx - Nginx反向代理背后的Nginx配置,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/42951301/