Add X-Forwarded-Proto https.

2021-04-29 14:50:03 +08:00 · 2021-04-29 14:50:03 +08:00 · 654500a87d
parent db8016d436
commit 654500a87d
1 changed files with 15 additions and 1 deletions
--- a/app/models/site_construct.rb
+++ b/app/models/site_construct.rb
@ -116,14 +116,27 @@ class SiteConstruct
      domain_name = self.domain_name
      new_server_block = new_server_block.gsub(/(server_name\s+)[^;]+/m){|ff| "#{$1}#{domain_name}"}
      new_server_block = new_server_block.gsub(/\s*ssl_certificate[^;]+;/,'')
-      get_redirect_block = parse_nginx_text_to_server_blocks(old_server_block,true,2).select{|t| t.match(/\s*return\s+30[12]\s+https:\/\/\$host\$request_uri\s*;/)}
+      level_2_block = parse_nginx_text_to_server_blocks(old_server_block,true,2)
+      get_redirect_block = level_2_block.select{|t| t.match(/\s*return\s+30[12]\s+https:\/\/\$host\$request_uri\s*;/)}
+      location_app_block = level_2_block.select{|t| t.match(/location\s+@app/)}
      if get_redirect_block.count > 0
        get_redirect_block.each do |redirect_block|
          new_server_block = new_server_block.gsub(redirect_block,'')
        end
      end
+      if location_app_block.count > 0
+        location_app_block = location_app_block.map do |app_block|
+            new_app_block = app_block.gsub(/proxy_set_header\s+X-Forwarded-Proto\s+https\s*;/,"")
+            new_server_block = new_server_block.gsub(app_block,new_app_block)
+            new_app_block
+        end
+      end
      if port == "443"
        new_server_block = new_server_block.gsub(/(listen\s+)[^;]+;/){|ff| ff + "\n\n  ssl_certificate #{self.cert_file_remote_store_path};\n\n  ssl_certificate_key #{self.private_key_remote_store_path};\n\n"}
+        location_app_block.each do |app_block|
+            new_app_block = app_block.gsub(/proxy_set_header\s+Host\s+\$http_host\s*;/){|ff| ff + "\n    proxy_set_header   X-Forwarded-Proto  https;"}
+            new_server_block = new_server_block.gsub(app_block,new_app_block)
+        end
      else
        if self.redirect_to_https && !self.site_cert.nil?
          new_server_block = new_server_block.sub(/(listen\s+)[^;]+;[\s\r\n]*/){|ff| ff + "  if ($host ~ (#{self.site_cert.domain_names.map{|s| '^'+s.gsub('.','\.').gsub('*','[^.]*').gsub(',','')}.join('|')}) ) {\n"+
@ -150,6 +163,7 @@ class SiteConstruct
        '    proxy_redirect     off;\n'+
        '    proxy_set_header   X-Forwarded-For \$proxy_add_x_forwarded_for;\n'+
        '    proxy_set_header   Host  \$http_host;\n'+
+        (port == "443" ? '    proxy_set_header X-Forwarded-Proto https;\n' : '')+
        '    proxy_connect_timeout   360;\n'+
        '    proxy_pass http://'+self.get_site_name+'_sock;\n'+
        '  }\n'+