它是否需要在我的https apache代理服务器后面的Kestrel中使用https?
[英]Does it require https in Kestrel behind my https apache proxy server?
问题描述
I am not quite clear about the idea whether the Kestrel server needs to be encrypted as a localhost server. 
我不太清楚Kestrel服务器是否需要加密为本地主机服务器的想法。
I use Apache with HTTPS as the proxy server for Kestrel server. 我使用Apache和HTTPS作为Kestrel服务器的代理服务器。 Does it require to run https in Kestrel as well? 是否还需要在Kestrel中运行https? In theory, what passes through the Apache proxy server (HTTPS enabled) should be encrypted, right? 理论上,通过Apache代理服务器(启用HTTPS)的内容应该加密,对吗?
Please shed some light if you have any ideas. 如果您有任何想法,请详细说明。
1 个解决方案
解决方案1
6 已采纳 2017-05-16 10:45:22
No, you don't have to encrypt the traffic between Apache and Kestrel. 不,您不必加密Apache和Kestrel之间的流量。 The apache (or nginx or IIS) will be the SSL termination point. apache(或nginx或IIS)将是SSL终止点。
However what you need to make sure is 但是你需要确定的是
- that Apache correctly sets the forwarded headers (
x-forwarded-*headers)Apache正确设置转发的标头( x-forwarded-*标头) - kestrel is correctly configured to use these headers (
UseIISIntegrationalready does that) or register theapp.UseForwardedHeaders();正确配置UseIISIntegration以使用这些头文件(UseIISIntegration已经这样做)或注册app.UseForwardedHeaders();middleware which also registers them中间件也注册它们
Without either one, your requests will fail if the controllers/actions are marked with [RequireHttps] attribute 如果没有任何一个,如果控制器/操作标有[RequireHttps]属性,则您的请求将失败
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.