现象描述:
id4的认证中心使用的是 http发布的,然后在nginx使用https来转发,结果出现,跳转到Account/Login路径,但是网页打不开。
nginx里配置如下:
server { listen 443 ssl; server_name www.lzgjscc.cn; ssl_certificate ..\ssl\8380213_www.aaa.cn.pem; ssl_certificate_key ..\ssl\8380213_www.aaa.cn.key; ssl_session_timeout 30m; ssl_protocols TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4; ssl_prefer_server_ciphers on; ssl_ecdh_curve secp384r1; ssl_session_cache shared:SSL:50m; ssl_session_tickets off; ssl_stapling on; #ensure your cert is capable ssl_stapling_verify on; #ensure your cert is capable resolver 8.8.8.8 8.8.4.4 valid=300s; resolver_timeout 30s; #the next four lines of the configuration of nginx.conf is what made MVC Hybrid work correctly after publish: proxy_buffer_size 128k; proxy_buffers 4 256k; proxy_busy_buffers_size 256k; large_client_header_buffers 4 16k; location / { fastcgi_buffers 16 16k; fastcgi_buffer_size 32k; proxy_pass http://10.10.10.10:10010; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;#must be set or wrong url proxy_set_header X-Forwarded-Proto $scheme;#must be set or wrong url proxy_cache_bypass $http_upgrade; proxy_set_header X-URL-SCHEME https; } }
解决方法:
1、在nginx里加上一行:
proxy_set_header X-Forwarded-Proto $scheme;
2、在startup.cs里加上如下代码:
public void Configure(IApplicationBuilder app) { if (Environment.IsDevelopment()) { app.UseDeveloperExceptionPage(); } else { app.UseExceptionHandler("/Home/Error"); } var fordwardedHeaderOptions = new ForwardedHeadersOptions { ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto }; fordwardedHeaderOptions.KnownNetworks.Clear(); fordwardedHeaderOptions.KnownProxies.Clear(); app.UseForwardedHeaders(fordwardedHeaderOptions); app.UseCors("default"); app.UseSession(); app.UseCookiePolicy(); app.UseStaticFiles(); app.UseRouting(); //app.UseHttpsRedirection(); app.UseIdentityServer(); app.UseAuthentication(); app.UseAuthorization(); app.UseEndpoints(endpoints => { endpoints.MapDefaultControllerRoute(); }); }
参考链接:IdentityServer4在nginx反向代理后https引发的问题 - 海~~D - 博客园 (cnblogs.com)