带有端口的HTTPS地址,Permalink中端口号没了,导致访问错误
mia0x75 opened this issue · comments
joyqi/typecho:nightly-php8.2-alpine Docker版本
后台设置 -> 基本,站点地址,是一个带端口号的HTTPS地址。现在博客首页中的“首页”连接是带有端口号的,但所有page/article的连接都不带端口号。
通过域名:端口/admin/ 也会跳转到不带端口号的login,出现404。手工加个端口号,页面可以加载,但css/js地址也都不带端口号,404。
具体步骤:
1,安装docker版本joyqi/typecho:nightly-php8.2-alpine,宿主及其的某一端口映射到容器的80,比如2580
2,在1panel的面板(需要安装这个面板,安装openresty,申请证书)
3,如下所示,新建网站,主域名填 域名:端口,代理地址填127.0.0.1:2580,勾选IPv6,其他任意,点击确定
4,启用HTTPS,第三步确认后回到网站列表,在新建的网站上点“配置“,在弹出页面左侧菜单选择HTTPS,启用并保存
5,修改配置,在配置页面点“配置文件”按钮,前几行端口有关的配置删除,仅保留(应该是1panel的BUG,提issue给他们了)
listen [::]:7200 ssl http2 ;
保存并重载
至此配置结束。代码层面没做任何其他改动。
申请了一个动态域名供测试 [已经失效]
typecho网站还没有配置没有初始化。
openresty 的站点配置发出来
nginx.conf
user root;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
error_log /dev/stdout notice;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
server_tokens off;
access_log /var/log/nginx/access.log main;
access_log /dev/stdout main;
sendfile on;
server_names_hash_bucket_size 512;
client_header_buffer_size 32k;
client_max_body_size 50m;
keepalive_timeout 60;
keepalive_requests 100000;
gzip on;
gzip_min_length 1k;
gzip_buffers 4 16k;
gzip_http_version 1.1;
gzip_comp_level 2;
gzip_types text/plain application/javascript application/x-javascript text/javascript text/css application/xml;
gzip_vary on;
gzip_proxied expired no-cache no-store private auth;
gzip_disable "MSIE [1-6]\.";
lua_code_cache on;
lua_shared_dict limit 10m;
lua_package_path "/www/common/waf/?.lua;/usr/local/openresty/lualib/?.lua;";
init_by_lua_file /www/common/waf/init.lua;
limit_conn_zone $binary_remote_addr zone=perip:10m;
limit_conn_zone $server_name zone=perserver:10m;
include /usr/local/openresty/nginx/conf/conf.d/*.conf;
}
conf.d下面有三个文件:
# cat 00.default.conf
map "" $empty {
default "";
}
server
{
listen 80;
listen 443 ssl http2;
server_name _;
ssl_ciphers aNULL;
ssl_certificate data:$empty;
ssl_certificate_key data:$empty;
ssl_protocols TLSv1.1 TLSv1.2 TLSv1.3;
index 404.html;
root /usr/share/nginx/html;
}
# cat default.conf
server {
listen 80 ;
server_name 127.0.0.1;
charset utf-8;
default_type text/html;
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
location /nginx_status {
stub_status on;
access_log off;
}
root /usr/share/nginx/html;
}
# cat tai-lung.duckdns.org.conf
server {
listen [::]:7200 ssl http2 ;
server_name tai-lung.duckdns.org;
index index.php;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Real-IP $remote_addr;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
access_log /www/sites/tai-lung.duckdns.org/log/access.log;
error_log /www/sites/tai-lung.duckdns.org/log/error.log;
access_by_lua_file /www/common/waf/access.lua;
set $RulePath /www/sites/tai-lung.duckdns.org/waf/rules;
set $logdir /www/sites/tai-lung.duckdns.org/log;
set $redirect on;
set $attackLog on;
set $CCDeny off;
set $urlWhiteAllow off;
set $urlBlockDeny off;
set $argsDeny off;
set $postDeny off;
set $cookieDeny off;
set $fileExtDeny off;
set $ipBlockDeny off;
set $ipWhiteAllow off;
location ^~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
include /www/sites/tai-lung.duckdns.org/proxy/*.conf;
limit_conn perserver 300;
limit_conn perip 25;
limit_rate 512k;
if ($scheme = http) {
return 301 https://$host$request_uri;
}
ssl_certificate /www/sites/tai-lung.duckdns.org/ssl/fullchain.pem;
ssl_certificate_key /www/sites/tai-lung.duckdns.org/ssl/privkey.pem;
ssl_protocols TLSv1.3 TLSv1.2 TLSv1.1 TLSv1;
ssl_ciphers EECDH+CHACHA20:EECDH+CHACHA20-draft:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
add_header Strict-Transport-Security "max-age=31536000";
error_page 497 https://$host$request_uri;
proxy_set_header X-Forwarded-Proto https;
ssl_stapling on;
ssl_stapling_verify on;
}
include /www/sites/tai-lung.duckdns.org/proxy/*.conf; 你proxy 2580的配置呢?
忘记了,openresty配置文件太分散了。
只有一个文件
# cat root.conf
location ^~ / {
proxy_pass http://127.0.0.1:2580;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Forwarded-Proto $scheme;
proxy_http_version 1.1;
add_header X-Cache $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000";
}
可能是因为 nginx.conf 的问题,因为 nginx 默认访问目录时会跳转到 “/” 结尾的URL,absolute_redirect 参数默认是开启的, 所以可以在 http{} 里添加 absolute_redirect off; 来关掉绝对路径跳转,使其变为相对路径跳转。
不用端口号,一样的配置方法,一切正常。