解决ASP.NET Core在HttpsRedirection遇到Nginx时失败的问题

常规写法

public void ConfigureServices(IServiceCollection services)
        {
        //此处可以不指定,默认值如此
            services.AddHttpsRedirection(options=>{
                options.HttpsPort=443;
                options.RedirectStatusCode= StatusCodes.Status307TemporaryRedirect;
            });
            services.Configure(options =>
            {
                options.CheckConsentNeeded = context => true;
                options.MinimumSameSitePolicy = SameSiteMode.None;
            });
            services.AddMvc(options =>
            {
                options.Filters.Add(typeof(GlobalExceptionFilterAttribute));
            }).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);          
        }

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
                    app.UseHttpsRedirection();
                    app.UseMvc(routes =>
		            {
		                routes.MapRoute(
		                    name: "default",
		                    template: "{controller=Home}/{action=Index}/{id?}");
		            });
        }

这个时候如果前置了Nginx时,且Nginx没有解析Https,而只是简单的转发时(配置大概如下),会陷入无限的重定向.原因是Nginx如果不配置Https转发的话,默认去重置Http的Scheme,统一使用http,而不是保持原来的https

ps: 说下,为什么不在Nginx解析Https, 因为报文的解密比较耗费资源,Nginx作为转发和负载的关键点,如果再承担Https的解析,可能会很大程度降低性能,而如果分散到应用去解析,这个计算的性能消耗就会被分散.所以产线过程中不推荐在Nginx解析Https

server {
    listen        443;
    server_name   example.com *.example.com;
    location / {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
    }
}

解决办法

1. Nginx添加 proxy_set_header X-Forwarded-Proto $scheme;

server {
    listen        443;
    server_name   example.com *.example.com;
    location / {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

2. 添加Forward配置

public void ConfigureServices(IServiceCollection services)
        {
        	//....
			services.Configure(options =>
			            {
			                options.ForwardedHeaders =
			                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
			            });
 		}

3. 使用Forward

public void Configure(IApplicationBuilder app, IHostingEnvironment env)
        {
        			//...
       			    app.UseForwardedHeaders();
                    app.UseHttpsRedirection();
                    app.UseMvc(routes =>
		            {
		                routes.MapRoute(
		                    name: "default",
		                    template: "{controller=Home}/{action=Index}/{id?}");
		            });
        }

至此, http请求可以跳过Nginx直接至ASPNET Core并重定向至Https,保证和Nginx的转发效率,同时实现了重定向