我的开发环境使用HTTP和HTTPS,我有一个带有Docker的Nginx,这是配置:
listen 80;
listen 443 ssl;
set_real_ip_from 10.0.0.0/8;
real_ip_header X-Real-IP;
real_ip_recursive on;
location / {
try_files $uri @rewriteapp;
}
location @rewriteapp {
rewrite ^(.*)$ /app.php/$1 last;
}
location ~ ^/(app|app_dev|app_test|config)\.php(/|$) {
fastcgi_pass php-upstream;
fastcgi_split_path_info ^(.+\.php)(/.*)$;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param HTTPS $https;
}
我想在我的本地环境中测试HTTP和HTTPS,但在生产中我在前面有一个Nginx反向代理:
upstream app_upstream {
server app:80;
}
server {
server_name $APP_DOMAIN;
listen 443 ssl;
ssl_certificate /run/secrets/app_cert.pem;
ssl_certificate_key /run/secrets/app_key.pem;
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
location / {
proxy_pass http://app_upstream;
}
}
我希望反向代理只接受HTTPS并转发到应用程序nginx,但我的PHP应用程序正在接收$ _SERVER ['HTTPS'] =“”
我还想在反向代理上保留SSL证书,如何将HTTPS从反向代理传递到nginx到PHP?
答案 0 :(得分:0)
HTTPS变量设置为$https(根据与后端服务器的连接设置,它始终为HTTP),但您希望根据转发的连接设置它
您可以使用X-Forwarded-Proto标头使用HTTPS设置map变量。例如:
map $http_x_forwarded_proto $https_flag {
default off;
https on;
}
server {
...
location ~ ^/(app|app_dev|app_test|config)\.php(/|$) {
...
fastcgi_param HTTPS $https_flag;
...
}
}
有关详情,请参阅this document。