[英]I am trying to proxy secure http to kong from nginx but I get an error about http request sent to an HTTP port?
Using this config:使用此配置:
upstream kong {
server 127.0.0.1:8000;
}
upstream kong_secure {
server 127.0.0.1:8443;
}
server {
listen 80;
server_name api.example.co.za;
error_log /var/log/nginx/api.error.log;
access_log /var/log/nginx/api.access.log;
location / {
proxy_pass http://kong;
proxy_set_header Host $host;
}
}
server {
server_name api.example.co.za;
error_log /var/log/nginx/api.error.log;
access_log /var/log/nginx/api.access.log;
location / {
proxy_pass http://kong_secure;
proxy_set_header Host $host;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.example.co.za/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.example.co.za/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
I get:我得到:
400 Bad Request
The plain HTTP request was sent to HTTPS port
Kong is also running nginx, so the error was really coming from kong. Kong 也在运行 nginx,所以错误确实来自 kong。 I verified this by checking the access logs.我通过检查访问日志验证了这一点。 Nginx vanilla was doing the ssl termination and then proxying to the upstream ssl listening on ssl. Nginx vanilla was doing the ssl termination and then proxying to the upstream ssl listening on ssl.
However now it is plain http but going to an https port on kong.但是现在它是普通的 http ,但要转到 kong 上的 https 端口。
So to fix this set the upsteam to the non https port and remove kong_secure
it is not needed:因此,要解决此问题,请将上游设置为非 https 端口并删除kong_secure
它不需要:
upstream kong {
server 127.0.0.1:8000;
}
But now kong will complain with:但是现在kong会抱怨:
{"message":"Please use HTTPS protocol"}
To fix that you need to read the docs on Restricting the client protocol , eventually leading you to set the header X-Forwarded-Proto: https
and adding the porxy ip to trusted_ips
in the kong configuration.要解决此问题,您需要阅读Restricting the client protocol上的文档,最终导致您设置 header X-Forwarded-Proto: https
并添加 porxy trusted_ips
in the kong configuration.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.