问题描述:
nginx部署之后一般的跳转会是https://域名
但是flask重定向之后会访问http://域名:443,这时就会出现问题
nginx原先的配置:
upstream assetvul {
server 127.0.0.1:5010;#项目IP和端口
}
server {
listen 443 ssl;
server_name example.xxx.com;#域名
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate /opt/app/openresty/nginx/conf/ssl/xxx.com.crt;#证书
ssl_certificate_key /opt/app/openresty/nginx/conf/ssl/xxx.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
access_log /opt/log/nginx/xxx.access.log main;
location / {
proxy_redirect off;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://example;
}
}
这个配置一般来说是正常的,但是总会遇到特殊情况,所以
解决方法1:
在nginx配置添加两个头部
proxy_set_headerX-Scheme$scheme;
proxy_set_headerX-Forwarded-Proto$scheme;
如果还不行,读取请求的X_Forwarded_Proto头部来获取协议参考代码:
from flask import Flask
from werkzeug.contrib.fixers impor tProxyFix
app = Flask(__name__)
app.wsgi_app = ProxyFix(app.wsgi_app)
解决方法2:
当然能改nginx配置的就尽量改nginx配置,从我的角度我是不想改代码的,所以就只能让nginx多跳几次
upstream assetvul {
server 127.0.0.1:5010;#项目IP端口
}
#=================================================================
server {
listen 80;
server_name example.xxx.com;#域名
rewrite ^(.*)$ https://$host$1 permanent;
}
#=================================================================
server {
listen 443 ssl;
server_name example.xxx.com;#域名
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers AES128-SHA:AES256-SHA:RC4-SHA:DES-CBC3-SHA:RC4-MD5;
ssl_certificate /opt/app/openresty/nginx/conf/ssl/xxx.com.crt;
ssl_certificate_key /opt/app/openresty/nginx/conf/ssl/xxx.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
access_log /opt/log/nginx/example.access.log main;
location / {
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
client_max_body_size 50m;
client_body_buffer_size 256k;
proxy_connect_timeout 30;
proxy_send_timeout 30;
proxy_read_timeout 60;
proxy_buffer_size 256k;
proxy_buffers 4 256k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_next_upstream error timeout invalid_header http_500 http_503 http_404;
proxy_max_temp_file_size 128m;
proxy_pass http://example;
}
}
以上两种亲测有效
参考文章:
https://segmentfault.com/q/1010000014331407
https://www.jianshu.com/p/390f8946120a