Answer the question
In order to leave comments, you need to log in
M
M
MrDimaFIX2020-10-18 23:48:41
MrDimaFIX, 2020-10-18 23:48:41
Https replaced with http after passing through nginx?
There is a task: to add nginx to one docker container with php-fpm, which will work on port 80.
Now this nginx has the following configuration:
server {
listen 80 default_server;
root /app/public;
add_header X-Frame-Options "SAMEORIGIN";
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options "nosniff";
index index.html index.php;
location / {
try_files $uri $uri/ /index.php?$query_string;
}
charset utf-8;
location ~* \.php$ {
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param REQUEST_METHOD $request_method;
}
}Next to the php-fpm container (with code) and nginx, another nginx is running, which is an incoming proxy server.
The config for this host is:
server {
listen 80;
server_name test.local.host;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
server_name test.local.host;
ssl_certificate /etc/letsencrypt/live/test.local.host/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/test.local.host/privkey.pem;
location / {
proxy_pass http://php; #php -- имя контейнера, описанного выше
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900s;
proxy_send_timeout 900s;
}
}What's the problem: when you go to test.local.host, everything works fine (when redirect to https is disabled).
When you enter the site through https://test.local.host , only index.php is loaded, and files with styles (like all others) are not loaded by the browser, because they are trying to download via http, and the browser does not allow it. Moreover, if the same file is opened via https://test.local.host/js/app.js , the file opens normally.
At some point, either the main nginx, or the second, or php-fpm decides that it works via http, and returns links to files via the http protocol.
What are the possible solutions to this problem? For several days I have not picked up a working configuration.
2 answer(s)
@MrDimaFIX
@shambler81
D
Denis Yuriev, 2020-10-18 @MrDimaFIX
It looks like nginx in the container does not send information to php-fpm about the fact that https is used
fastcgi_param REQUEST_SCHEME https;
or (I am writing from memory, sorry)
but in general according to the classics - create an info.php file with the contents
and see what arrives there with headers in php
UPD: if anyone came here from Google so as not to suffer - removed the extra quotes, details in the comments
fastcgi_param HTTPS on;
phpinfo();
V
Viktor Taran, 2020-10-19 @shambler81
DO NOT DO THIS!
Some idiot wrote a mana and all the mana on the Internet is wrong (yes it works, but there are many but)
And this is due precisely to the fact that the back does not know that it is on https, yes there are partial crutches that solve most of the jambs (but not all)
In short if in short
http -> http
https -> https
Substitute the same certificate on the back
There is no performance drop.
There is no point in inventing a bicycle, do it as it should and everything will be fine,
the genius who came up with mixing content, maybe he will answer why he came up with it, but in reality there is no use from this decision, but there are disadvantages
Similar questions
G
V
M
C
P
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question