由于配置 nginx 疏忽 , 导致网站管理后台提示 无限重定向 .
正确的配置至少要包含以下部分 .
location ^~ /ghost { # /ghost should be accessed securely
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $host;
proxy_set_header X-NginX-Proxy true;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:2368;
}
最关键的是这一句
proxy_set_header X-Forwarded-Proto $scheme;
以下部分是我网站在用的反向代理 https nginx 配置文件 , 仅供参考 .
server
{
listen 80;
#listen [::]:80;
server_name ghost.qinan.co;
#强制 301 跳转 , 再见 http
return 301 https://$server_name$request_uri;
}
server
{
listen 443 ssl http2;
#listen [::]:443 ssl http2;
server_name ghost.qinan.co;
charset utf-8;
ssl_certificate /path/to/cert;
ssl_certificate_key /path/to/cert.key;
#自行生成 dhparam
ssl_dhparam /etc/ssl/certs/dhparam.pem;
ssl_session_timeout 1d;
ssl_session_cache builtin:1000 shared:SSL:50m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256";
client_max_body_size 50m;
# 拦截请求,直接返回上传的静态图片资源,缓存时间 1 个月
location ^~ /content/images {
alias /www/ghost.qinan.co/content/images;
expires 1M;
access_log off;
add_header Cache-Control "public";
}
location ~ ^/(image|javascript|js|css|media|static)/ {
proxy_pass http://127.0.0.1:2368;
# root /www/ghost.qinan.co/web/static/;
access_log off;
expires 30d;
}
# 不缓存 ghost 核心文件(反向代理后台管理)
location ^~ /ghost/ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_pass http://127.0.0.1:2368;
}
# favicon
location = /favicon.ico {
root /www/ghost.qinan.co/core/shared;
access_log off;
log_not_found off;
expires 30d;
}
# cache urls
# 反向代理博客请求到服务端
location / {
proxy_cache_valid 200 60m;
proxy_cache_bypass $http_cache_control;
proxy_redirect off;
add_header X-Proxy-Cache $upstream_cache_status;
proxy_ignore_headers X-Accel-Expires Expires Cache-Control;
# 后端的Web服务器可以通过X-Forwarded-For获取用户真实IP
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host;
proxy_pass http://127.0.0.1:2368;
proxy_max_temp_file_size 0;
proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;
proxy_buffering off;
proxy_temp_file_write_size 64k;
}
location ~ /.well-known {
allow all;
}
location ~ /\.
{
deny all;
}
access_log /var/logs/ghost.qinan.co.log;
error_log /var/logs/ghost.qinan.co.error.log;
}
对应的网站目录修改为自己的配置目录即可 .
只是出现一个小问题 , 改完之后 ghost desktop 有两个页面直接 500 了 . 先凑合用这吧 .
评论区