我试图从nginx将安全http代理到kong,但我收到一个关于发送到http端口的http请求的错误?
使用此配置:我试图从nginx将安全http代理到kong,但我收到一个关于发送到http端口的http请求的错误?,nginx,kong,Nginx,Kong,使用此配置: upstream kong { server 127.0.0.1:8000; } upstream kong_secure { server 127.0.0.1:8443; } server { listen 80; server_name api.example.co.za; error_log /var/log/nginx/api.error.log; access_log /var/log/nginx/api.access.log;
upstream kong {
server 127.0.0.1:8000;
}
upstream kong_secure {
server 127.0.0.1:8443;
}
server {
listen 80;
server_name api.example.co.za;
error_log /var/log/nginx/api.error.log;
access_log /var/log/nginx/api.access.log;
location / {
proxy_pass http://kong;
proxy_set_header Host $host;
}
}
server {
server_name api.example.co.za;
error_log /var/log/nginx/api.error.log;
access_log /var/log/nginx/api.access.log;
location / {
proxy_pass http://kong_secure;
proxy_set_header Host $host;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.example.co.za/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.example.co.za/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
我得到:
400 Bad Request
The plain HTTP request was sent to HTTPS port
Kong也在运行nginx,因此错误确实来自Kong。 我通过检查访问日志验证了这一点。 Nginx vanilla正在执行ssl终止,然后代理到上游ssl侦听ssl 然而,现在它是普通的http,但要在香港使用https端口 因此,要修复此问题,请将upsteam设置为非https端口并删除
kong_secure
,无需:
upstream kong {
server 127.0.0.1:8000;
}
但现在,香港将抱怨:
{"message":"Please use HTTPS protocol"}
要解决此问题,您需要阅读文档,最终引导您设置标题
X-Forwarded-Proto:https
,并将porxy ip添加到香港配置中的trusted\u ips
。使用proxy\u passhttp://kong;代码>或<代码>代理通行证https://kong_secure;代码>我也有同样的问题,我尝试了你上面的解决方案,但仍然不起作用。你能分享使用nginx conf的更新吗?非常感谢。