主页 / server / 问题 / 919318
Accepted
Dimitrios Desyllas
Asked: 2018-07-04 05:50:45 +0800 CST

ssl反向代理后面的Moodle:“启用反向代理,无法直接访问服务器,抱歉。”

  • 772

我尝试使用解决方案让 moode 在 ssl 反向代理后面运行,但出现以下错误:

启用反向代理,服务器无法直接访问,抱歉。请联系服务器管理员。

在moodle的配置中,我启用了以下设置:

$CFG->reverseproxy = true;
$CFG->sslproxy = true;

从而产生了这种配置。

对于反向代理,我使用具有以下设置的 nginx:

events {
  worker_connections  768;
}

http {
  include  /etc/nginx/mime.types;
  default_type  application/octet-stream;

  charset  utf-8;

  gzip  on;
  gzip_disable  "msie6";
  client_max_body_size 10000M;

  # Mysql apache-based variant
  server {
    listen  6440 ssl;
    server_name  0.0.0.0;

    ssl_certificate     /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
              proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;
          proxy_pass_request_headers      on;
          # In case or running another port please replace the value bellow.
            proxy_pass http://^ip^;
      }
  }
}

^ip^我反向代理请求的 ip在哪里。同样对于我在我的情况下使用的设置 url,我在 docker 容器中运行整个设置,以下https://0.0.0.0:6440不是服务 ip

docker-compose 也如下:

version: '2'
services:
  nginx_reverse:
    image: nginx:alpine
    ports:
      - "6440:6440"
    links:
      - 'moodle_mysql_reverse'
    restart: always
    volumes:
      - './conf/nginx/nginx_ssl_reverse.conf:/etc/nginx/nginx.conf:ro'
      - './conf/certs:/etc/nginx/certs:ro'

  moodle_mysql_db_reverse:
    image: mysql
    environment:
      MYSQL_RANDOM_ROOT_PASSWORD: "yes"
      MYSQL_ONETIME_PASSWORD: "yes"
      MYSQL_DATABASE: "${MOODLE_DB_NAME}"
      MYSQL_USER: '${MOODLE_MYSQL_USER}'
      MYSQL_PASSWORD: '${MOODLE_MYSQL_PASSWORD}'

  moodle_mysql_reverse:
    image: ellakcy/moodle:mysql_maria_apache
    links:
      - "moodle_mysql_db_reverse:moodle_db"
    environment:
      MOODLE_DB_HOST: "moodle_db"
      MOODLE_DB_NAME: "${MOODLE_DB_NAME}"
      MOODLE_DB_USER: '${MOODLE_MYSQL_USER}'
      MOODLE_DB_PASSWORD: "${MOODLE_MYSQL_PASSWORD}"
      MOODLE_ADMIN: "${MOODLE_ADMIN}"
      MOODLE_ADMIN_PASSWORD: "${MOODLE_ADMIN_PASSWORD}"
      MOODLE_URL: "https://0.0.0.0:6440"
      MOODLE_REVERSE_LB: "true"
      MOODLE_SSL: "true"

您知道我为什么会收到错误以及如何解决吗?

reverse-proxy

1 个回答

  1. Best Answer

    无论它是否是基于 docker 的解决方案,都建议代理通过提供Hosthttp 标头。因此 nginx 反向代理配置应该是这样的:

    events {
  worker_connections  768;
}

http {
  include  /etc/nginx/mime.types;
  default_type  application/octet-stream;

  charset  utf-8;

  gzip  on;
  gzip_disable  "msie6";
  client_max_body_size 10000M;

  # Mysql apache-based variant
  server {
    listen  6440 ssl;
    server_name  0.0.0.0;

    ssl_certificate     /etc/nginx/certs/cert.pem;
    ssl_certificate_key /etc/nginx/certs/key.pem;
    ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers         HIGH:!aNULL:!MD5;

    location / {
              proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection 'upgrade';
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_cache_bypass $http_upgrade;
          proxy_pass_request_headers      on;
          # In case or running another port please replace the value bellow.
            proxy_pass http://^ip^;
      }
  }
}

    如您所见,反向代理 nginx 配置中应该缺少以下行并且存在:

            proxy_set_header Host $host;
    • 0

相关问题