我正在为网站设置nginx。我想只设置一些子链接到ssl链接用户登录,注册.i创建一个让加密ssl和证书工作正常。我检查了ssl购物者。我想仅为商店配置ssl而不是为所有site.so我将商店从80重定向到443只有商店想要工作ssl。但在我配置之后 在nginx上一些按钮(javascriptvoid)无效。它说混合内容,所以当我查看视图源时,它显示按钮的URL仍然是商店页面中的http。(它应该是https)。
我检查一切,我重新配置nginx,检查tomcat方面,所有都是oky.i不知道是什么问题。
我的nginx配置就在这里
((/ sub)子位置是我想要工作的那个https)
upstream backend_front {
ip_hash;
server tomcat_serverip:8080;
}
server {
listen 80;
server_name www.domianname.com;
charset utf-8;
access_log /var/log/nginx/80access.log main;
location / {
proxy_pass http://backend_front;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
location /sub/ {
if ($http_x_forwarded_proto != 'https') {
return 301 https://$server_name$request_uri;
}
proxy_pass http://backend_front;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
server {
listen 443 ssl;
server_name www.domainname.my;
ssl on;
ssl_certificate /etc/letsencrypt/live/fullch.pem;
ssl_certificate_key /etc/letsencrypt/live/privkey.pem;
ssl_session_cache shared:SSL:20m;
ssl_session_timeout 15m;
ssl_prefer_server_ciphers on;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS;
charset utf-8;
access_log /var/log/nginx/443access.log main;
add_header Strict-Transport-Security "max-age=31536000";
root /data/resources/;
location /sub/ {
proxy_pass http://backend_front;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location / {
proxy_pass http://backend_front;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
# for static files caching
location ~ .*\.(html|jsp)?$ {
proxy_pass http://backend_front;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ .*\.(gif|jpg|jpeg|bmp|png|ico|txt|js|css)$ {
root /data/resources/;
expires 20m;
} # for static files caching -- end
location ~ /favicon\.ico {
root html;
}
location ~ /\. {
deny all;
}
}
<a href="javascript:void(0)" url="http://www.example.com/store/account.htm" onclick="tiaozhuan(this)" style="padding:0px">Manage Account</a>
<a href="javascript:void(0)" url="http://www.example.com/store/order.htm" onclick="tiaozhuan(this)" style="padding:0px">My Orders</a>
jquery-1.8.3.min.js:2 Mixed Content: The page at 'https://www.example.com/store/account.htm' was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint 'http://www.example.com/isLogin.htm'. This request has been blocked; the content must be served over HTTPS.
send @ jquery-1.8.3.min.js:2
ajax @ jquery-1.8.3.min.js:2
tiaozhuan @ account.htm:155
onclick @ account.htm:77
请帮助我们这个。我被困在最近1周来解决这个问题。我不是程序员我是系统管理员。和nginx.please的新帮助。
答案 0 :(得分:0)
&#34;混合内容&#34;通常是指一个页面,在加载后,然后在HTTP和HTTPS下发出二级请求(例如,图像,CSS,javascript)。
当您使用HTTPS下的请求时,所有后续请求也必须是HTTPS。您需要将按钮的URL转换为&#34; https://&#34;
答案 1 :(得分:0)
最后我们发现了问题并在3周后解决了问题。 问题是代理ip.We使用nginx服务器重定向和代理。所以我们需要在tomcat的server.xml中添加关于nginx服务器ip的aditional enty。这是条目。
<Valve className="org.apache.catalina.valves.RemoteIpValve" internalProxies="111\.111\.111\.111" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https" httpsServerPort="443" />
所以内部代理是Nginx IP。