現象描述:
id4的認證中心使用的是 http發佈的,然後在nginx使用https來轉發,結果出現,跳轉到Account/Login路徑,但是網頁打不開。
nginx裏配置如下:
server { listen 443 ssl; server_name www.lzgjscc.cn; ssl_certificate ..\ssl\8380213_www.aaa.cn.pem; ssl_certificate_key ..\ssl\8380213_www.aaa.cn.key; ssl_session_timeout 30m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_prefer_server_ciphers on; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_stapling on; #ensure your cert is capable ssl_stapling_verify on; #ensure your cert is capable resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 30s; #the next four lines of the configuration of nginx.conf is what made MVC Hybrid work correctly after publish: proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; large_client_header_buffers 4 16k; location / { fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; proxy_pass http://10.10.10.10:10010; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#must be set or wrong url proxy_set_header X-Forwarded-Proto $scheme;#must be set or wrong url proxy_cache_bypass $http_upgrade; proxy_set_header X-URL-SCHEME https; } }
解決方法:
1、在nginx里加上一行:
proxy_set_header X-Forwarded-Proto $scheme;
2、在startup.cs里加上如下代碼:
public void Configure(IApplicationBuilder app) { if (Environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Home/Error"); } var fordwardedHeaderOptions = new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto }; fordwardedHeaderOptions.KnownNetworks.Clear(); fordwardedHeaderOptions.KnownProxies.Clear(); app.UseForwardedHeaders(fordwardedHeaderOptions); app.UseCors("default"); app.UseSession(); app.UseCookiePolicy(); app.UseStaticFiles(); app.UseRouting(); //app.UseHttpsRedirection(); app.UseIdentityServer(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapDefaultControllerRoute(); }); }
參考鏈接:IdentityServer4在nginx反向代理後https引發的問題 - 海~~D - 博客園 (cnblogs.com)