解决ASP.NET Core在HttpsRedirection遇到Nginx时失败的问题
解决ASPNET Core前置Nginx时,HttpsRediection失败问题
- 常规写法
- 解决办法
常规写法
public void ConfigureServices(IServiceCollection services)
{
//此处可以不指定,默认值如此
services.AddHttpsRedirection(options=>{
options.HttpsPort=443;
options.RedirectStatusCode= StatusCodes.Status307TemporaryRedirect;
});
services.Configure(options =>
{
options.CheckConsentNeeded = context => true;
options.MinimumSameSitePolicy = SameSiteMode.None;
});
services.AddMvc(options =>
{
options.Filters.Add(typeof(GlobalExceptionFilterAttribute));
}).SetCompatibilityVersion(CompatibilityVersion.Version_2_2);
}
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
app.UseHttpsRedirection();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
这个时候如果前置了Nginx时,且Nginx没有解析Https,而只是简单的转发时(配置大概如下),会陷入无限的重定向.原因是Nginx如果不配置Https转发的话,默认去重置Http的Scheme,统一使用http,而不是保持原来的https
ps: 说下,为什么不在Nginx解析Https, 因为报文的解密比较耗费资源,Nginx作为转发和负载的关键点,如果再承担Https的解析,可能会很大程度降低性能,而如果分散到应用去解析,这个计算的性能消耗就会被分散.所以产线过程中不推荐在Nginx解析Https
server {
listen 443;
server_name example.com *.example.com;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
解决办法
- Nginx添加 proxy_set_header X-Forwarded-Proto $scheme;
server {
listen 443;
server_name example.com *.example.com;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
- 添加Forward配置
public void ConfigureServices(IServiceCollection services)
{
//....
services.Configure(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
}
- 使用Forward
public void Configure(IApplicationBuilder app, IHostingEnvironment env)
{
//...
app.UseForwardedHeaders();
app.UseHttpsRedirection();
app.UseMvc(routes =>
{
routes.MapRoute(
name: "default",
template: "{controller=Home}/{action=Index}/{id?}");
});
}
至此, http请求可以跳过Nginx直接至ASPNET Core并重定向至Https,保证和Nginx的转发效率,同时实现了重定向