场景
- 一个项目搭载了负载均衡, 然后需要部署https协议
参考资料
分析
- Let’s Encrypt实现ssl 在负载机部署完ssl之后, 发现了下面的问题
- 问题
Mixed Content: The page at 'https://learn.carsonlius.vip/login' was loaded over HTTPS, but requested an insecure stylesheet 'http://learn.carsonlius.vip/css/app.css'. This request has been blocked; the content must be served over HTTPS.
- 原因
- 负载均衡机器虽然监听的是443,但是转发到real server的端口是80, 所以是real server是没有办法的分辨协议的
- 问题
解决
laravel5.5 Configuring Trusted Proxies
To solve this, you may use the App\Http\Middleware\TrustProxies middleware that is included in your Laravel application, which allows you to quickly customize the load balancers or proxies that should be trusted by your application. Your trusted proxies should be listed as an array on the $proxies property of this middleware. In addition to configuring the trusted proxies, you may configure the headers that are being sent by your proxy with information about the original request:
<?php
namespace App\Http\Middleware;
use Illuminate\Http\Request;
use Fideloper\Proxy\TrustProxies as Middleware;
class TrustProxies extends Middleware
{
/**
* The trusted proxies for this application.
*
* @var array
*/
protected $proxies = [
'192.168.1.1',
'192.168.1.2',
];
/**
* The current proxy header mappings.
*
* @var array
*/
protected $headers = [
Request::HEADER_FORWARDED => 'FORWARDED',
Request::HEADER_X_FORWARDED_FOR => 'X_FORWARDED_FOR',
Request::HEADER_X_FORWARDED_HOST => 'X_FORWARDED_HOST',
Request::HEADER_X_FORWARDED_PORT => 'X_FORWARDED_PORT',
Request::HEADER_X_FORWARDED_PROTO => 'X_FORWARDED_PROTO',
];
}
App\Http\Middleware\TrustProxies Middleware的属性$proxies填写负载机的IP, $headers中也需要proxy_set_header
其实laravel5.5罗列出来的header也不完全是必须的,下面是我的配置
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-NginX-Proxy true;nginx 设置X-Forwarded-Proto
proxy_set_header X-Forwarded-Proto $scheme;