web-dev-qa-db-ja.com

nginxがhttpsではなくhttpで302 FOUNDを返す

プロキシされたアプリケーションであるhttps://seafile.example.comにアクセスしようとします。アプリケーションは302を返しますが、HTTPSではなくHTTPを使用します。これがNginxまたはアプリケーション(この場合はSeafile)で修正された場合、私は試しましたが、何が問題なのかわかりません。

curl -v https://seafile.example.comからの出力

< HTTP/1.1 302 FOUND
< Server: nginx/1.12.2
< Date: Fri, 18 May 2018 03:08:02 GMT
< Content-Type: text/html; charset=utf-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Vary: Accept-Language, Cookie
< Location: http://seafile.example.com/accounts/login?next=/
< Content-Language: en

私は期待していました https:// seafile ...

Nginx設定:

server {
    listen 80;
    server_name seafile.example.com;

    return 301 https://$server_name$request_uri;
}
server {
    listen 443 ssl;
    server_name seafile.example.com;
    ssl_certificate /etc/letsencrypt/live/seafile.example.com-0001/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/seafile.example.com-0001/privkey.pem; # managed by Certbot

    include /etc/nginx/conf.d/ssl.conf;

   proxy_set_header X_Forwarded-For $remote_addr;

   location / {
   proxy_pass         http://192.168.99.12:8000;
   proxy_set_header   Host $Host;
   proxy_set_header   X-Real-IP $remote_addr;
   proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header   X-Forwarded-Host $server_name;
   proxy_set_header   X-Forwarded-Proto https;

   access_log      /var/log/nginx/seahub.access.log;
   error_log       /var/log/nginx/seahub.error.log;

   proxy_read_timeout  1200s;

   client_max_body_size 0;
   }
   location /seafhttp {
       rewrite ^/seafhttp(.*)$ $1 break;
       proxy_pass http://192.168.99.12:8082;
       client_max_body_size 0;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_connect_timeout  36000s;
       proxy_read_timeout  36000s;
       proxy_send_timeout  36000s;
       send_timeout  36000s;
   }

seahub_settings.py

# -*- coding: utf-8 -*-
SECRET_KEY = "random"

DATABASES = {
    'default': {
        'ENGINE': 'Django.db.backends.mysql',
        'NAME': 'seahub-db',
        'USER': 'seafile',
        'PASSWORD': 'random',
        'Host': '127.0.0.1',
        'PORT': '3306'
    }
}

FILE_SERVER_ROOT = 'https://seafile.example.com'

EMAIL_USE_TLS = True
EMAIL_Host = 'mail.example.com'        # smpt server
EMAIL_Host_USER = ''    # username and domain
EMAIL_Host_PASSWORD = ''    # password
EMAIL_PORT = 25
DEFAULT_FROM_EMAIL = '[email protected]'
SERVER_EMAIL = '[email protected]'

ccnet.conf

[General]
USER_NAME = seafile
ID = ranodm
NAME = seafile
SERVICE_URL = https://seafile.example.com

[Client]
PORT = 13419

[Database]
ENGINE = mysql
Host = 127.0.0.1
PORT = 3306
USER = seafile
PASSWD = random
DB = ccnet-db
CONNECTION_CHARSET = utf8
1
user3549596

このスニペットを試してください:

server {
        listen 443;
        listen [::]:443;
        server_name seafile.example.com;
        include /etc/nginx/conf.d/ssl.conf;
        location / {
                proxy_set_header X-Forwarded-Host $Host;
                proxy_set_header X-Forwarded-Server $Host;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                proxy_pass http://192.168.99.12:8000/;
                proxy_http_version 1.1;
                proxy_redirect http://192.168.99.12:8000/ https://seafile.example.com/;
                proxy_read_timeout  1200s;
                client_max_body_size 0;
        }
        ssl     on;
        ssl_certificate /etc/letsencrypt/live/seafile.example.com-0001/fullchain.pem;
        ssl_certificate_key     /etc/letsencrypt/live/seafile.example.com-0001/privkey.pem;
        add_header Strict-Transport-Security "max-age=63072000; includeSubDomains; preload";
        add_header X-Frame-Options SAMEORIGIN;
        add_header X-Content-Type-Options nosniff;
}
1
Craft