0

我希望每个人都平安无事。我也发布了服务器故障,但没有收到任何回复。

我有一个 Nginx 负载均衡器将请求转发到 Nginx 网络服务器,该服务器将请求反向代理到 gunicorn/flask 应用程序。我正在使用 Flask-Dance 应用程序来管理 OAuth。

当我尝试使用来自负载均衡器域的 google OAuth 登录时,我的登录授权 URL 被重定向到 HTTP,从而导致 400 错误。如果我在我的主要 Nginx 网络服务器上尝试相同的操作,它会完美运行。如何强制负载均衡器转到 HTTPS 下面是我的服务器块文件负载均衡器:




        upstream app {
        ip_hash;
        server <my_server_ip>;
}

server {


    server_name <load_balancer_domain_name>;
        return 301 https://$host$request_uri;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://app/;
        proxy_redirect off;


    }


}

server {

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/load_balancer_domain_name/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/load_balancer_domain_name/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
     
         location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_pass http://app/;
        proxy_redirect off;

    }


}

服务器1:

server {

    listen 80 default_server;

    server_name _;
        access_log /var/log/nginx/prod1.access;

        error_log /var/log/nginx/prod1.error error;

        if ($http_x_forwarded_proto = "http") {
    return 301 https://$host$request_uri;
}
    location / {

                proxy_pass http://127.0.0.1:5000;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Scheme $scheme;
                proxy_set_header X-Forwarded-Proto $scheme;
                proxy_set_header X-Real-IP $remote_addr;


    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 default_server ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/server_1_domain/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/server_1_domain//privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


}

我尝试在两者上强制使用 HTTPS 似乎不起作用。我还尝试将 url_for 中的方案重写为烧瓶端的 HTTPS。谢谢你。

4

0 回答 0