We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
What happened: 在k8s环境中,如果禁用http协议,使用https访问首页,会重定到http访问失败,如下
分析: 如果 NGINX 位于Kubernetes的Pod内并且背后有代理(如Ingress控制器、负载均衡器等),它从客户端接收到的请求已经可能经过了一些代理层。这时 $scheme 变量只能反映NGINX和负载均衡器之间的协议,而不能反映客户端到负载均衡器之间的协议。但如果外部请求是通过HTTPS发起的,NGINX并没有直接获得客户端的协议信息,因此$scheme只是反映代理层的协议状态。 修复建议: 可以使用$http_x_forwarded_proto替带$Scheme, http_x_forwarded_proto变量更能准确地反映客户端的原始请求协议
The text was updated successfully, but these errors were encountered:
k8s部署,如果禁用http协议,使用https无法访问首页 TencentBlueKing#2823
67382a1
owenlxu
No branches or pull requests
What happened:
在k8s环境中,如果禁用http协议,使用https访问首页,会重定到http访问失败,如下
分析:
如果 NGINX 位于Kubernetes的Pod内并且背后有代理(如Ingress控制器、负载均衡器等),它从客户端接收到的请求已经可能经过了一些代理层。这时 $scheme 变量只能反映NGINX和负载均衡器之间的协议,而不能反映客户端到负载均衡器之间的协议。但如果外部请求是通过HTTPS发起的,NGINX并没有直接获得客户端的协议信息,因此$scheme只是反映代理层的协议状态。
修复建议:
可以使用$http_x_forwarded_proto替带$Scheme, http_x_forwarded_proto变量更能准确地反映客户端的原始请求协议
The text was updated successfully, but these errors were encountered: