-
Solo v3.1.0 发布,新皮肤 Pinghsu
2019-03-03 08:38资源协议配置成 https 解决了 Mixed Content 的问题,但是 github 帐号登陆的问题还在。另外每改完一个配置我都会重启 tomcat
-
Solo v3.1.0 发布,新皮肤 Pinghsu
2019-03-02 02:34我的环境为 nginx 所在外网服务器 A,接受域名 blog.stormbirds.cn 的所有请求硬跳转至 https 协议,代理至 tomcat 容器所在服务器 B 的 http 协议的端口上,下面有 nginx 配置代码。
出现问题为无法登录。显示 Latke 配置错误,但是可以正常浏览。还有就是从 2.9.9 升级到了 3.0.0 然后升级到了 3.1.0 后出现了以下情况Mixed Content: The page at 'https://blog.stormbirds.cn/' was loaded over HTTPS, but requested an insecure stylesheet 'http://blog.stormbirds.cn/skins/Medium/css/base.css?1551464246090'. This request has been blocked; the content must be served over HTTPS. (index):1 Mixed Content: The page at 'https://blog.stormbirds.cn/' was loaded over HTTPS, but requested an insecure script 'http://blog.stormbirds.cn/js/lib/compress/pjax.min.js'. This request has been blocked; the content must be served over HTTPS. (index):1 Mixed Content: The page at 'https://blog.stormbirds.cn/' was loaded over HTTPS, but requested an insecure script 'http://blog.stormbirds.cn/js/common.min.js?1551464246090'. This request has been blocked; the content must be served over HTTPS. (index):1 Mixed Content: The page at 'https://blog.stormbirds.cn/' was loaded over HTTPS, but requested an insecure script 'http://blog.stormbirds.cn/skins/Medium/js/common.min.js?1551464246090'. This request has been blocked; the content must be served over HTTPS. (index):821 Uncaught ReferenceError: Util is not defined at (index):821 (anonymous) @ (index):821 (index):827 Uncaught ReferenceError: $ is not defined at (index):827 at (index):856 (anonymous) @ (index):827 (anonymous) @ (index):856 (index):1 Mixed Content: The page at 'https://blog.stormbirds.cn/' was loaded over HTTPS, but requested an insecure manifest 'http://blog.stormbirds.cn/manifest.json'. This request has been blocked; the content must be served over HTTPS. (index):1 Mixed Content: The page at 'https://blog.stormbirds.cn/' was loaded over HTTPS, but requested an insecure favicon 'http://blog.stormbirds.cn/favicon.png'. This request has been blocked; the content must be served over HTTPS.
我的 latke.properties 文件配置情况为
#### Server #### # Browser visit protocol serverScheme=https #### Cookie #### cookieName=solo cookieSecret=Beyond #### Runtime Mode #### #runtimeMode=DEVELOPMENT runtimeMode=PRODUCTION
我的 nginx 配置,其中添加了 X-Forwarded-Proto https 的头
server { listen 443 ssl; server_name blog.stormbirds.cn; access_log logs/access_blog.log; error_log logs/error_blog.log; ssl_certificate /root/.acme.sh/stormbirds.cn/fullchain.cer; ssl_certificate_key /root/.acme.sh/stormbirds.cn/stormbirds.cn.key; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_prefer_server_ciphers on; ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; # set google location /google7118b879bf9399f4.html { root html/blog; } # set site favicon location /favicon.ico { root html; } location / { proxy_pass http://222.90.42.119:8800; proxy_http_version 1.1; add_header Access-Control-Allow-Origin *; add_header Access-Control-Allow-Headers X-Requested-With; add_header Access-Control-Allow-Methods GET,POST,OPTIONS; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header Host $host; proxy_set_header X-Forwarded-Proto $scheme; # proxy_set_header X-SSL-Client-Cert $ssl_client_cert; } } server{ listen 80 ; listen [::]:80 ; server_name blog.stormbirds.cn; access_log logs/access_blog.log; error_log logs/error_blog.log; if ($server_port = 80 ) { return 301 https://$host$request_uri; } }
而且在 tomcat 的 server.xml 中添加了 https 的协议区分
<Valve className="org.apache.catalina.valves.RemoteIpValve" remoteIpHeader="X-Forwarded-For" protocolHeader="X-Forwarded-Proto" protocolHeaderHttpsValue="https"/>