生成 HTTP 链接而不是 HTTPS，但 SSL 工作正常，如何解决？

Question

Jinja2 生成 HTTP 链接，而不是 HTTPS，HTTPS 是有效的，我也设置了 base 标签，但不明白问题出在哪里。

Dockerfile

FROM python:3.9.5

COPY ./gmcrm /app/src
COPY ./ssl /app/ssl
COPY ./poetry.lock /app
COPY ./pyproject.toml /app

WORKDIR /app

RUN pip3 install poetry
RUN poetry config virtualenvs.create false
RUN poetry install --no-dev --no-interaction --no-ansi
RUN pip3 install gunicorn uvloop httptools

EXPOSE 8080

WORKDIR /app/src

ENV ACCESS_LOG=${ACCESS_LOG:-/proc/1/fd/1}
ENV ERROR_LOG=${ERROR_LOG:-/proc/1/fd/2}

ENTRYPOINT /usr/local/bin/gunicorn \
    -b 0.0.0.0:8080 \
    -w 4 \
    -k uvicorn.workers.UvicornWorker main:app \
    --keyfile=/app/ssl/example.key \
    --certfile=/app/ssl/example.crt \
    --chdir /app/src \
    --access-logfile "$ACCESS_LOG" \
    --error-logfile "$ERROR_LOG"

NGINX 配置（在 docker 中）

upstream app_server {
    # fail_timeout=0 means we always retry an upstream even if it failed
    # to return a good HTTP response

    # for UNIX domain socket setups
    #server unix:/tmp/gunicorn.sock fail_timeout=0;

    # for a TCP configuration
    server gmcrm:8080 fail_timeout=0;
}

map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}

server {
    listen              *:443 ssl;
    listen              [::]:443;  
    server_name         example;

    # SSL
    ssl_certificate     /etc/nginx/ssl-stuff/example.crt;
    ssl_certificate_key /etc/nginx/ssl-stuff/example.key;

    # security
    include             nginxconfig.io/security.conf;

    # additional config
    include nginxconfig.io/general.conf;
}

# subdomains redirect
server {
    listen              *:443 ssl;
    listen              [::]:443;  
    server_name         *.example;

    # SSL
    ssl_certificate     /etc/nginx/ssl-stuff/example.crt;
    ssl_certificate_key /etc/nginx/ssl-stuff/example.key;
    return              301 https://example$request_uri;
}

# HTTP redirect
server {
    listen              *:80;
    listen              [::]:80;  
    server_name *.example;
    return      301 https://example$request_uri;
}

通用文件配置

# favicon.ico
location = /favicon.ico {
    log_not_found off;
    access_log    off;
}

# robots.txt
location = /robots.txt {
    log_not_found off;
    access_log    off;
}

location / {
    try_files $uri @proxy_to_app;
}


location @proxy_to_app {
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $connection_upgrade;
    proxy_redirect off;
    proxy_pass http://app_server;
}



# gzip
gzip            on;
gzip_vary       on;
gzip_proxied    any;
gzip_comp_level 6;
gzip_types      text/plain text/css text/xml application/json application/javascript application/rss+xml application/atom+xml image/svg+xml;

Answer 1

需要将此标题添加到我的 conf 中

proxy_set_header  X-Forwarded-Protocol  $scheme;