技术 Ghost一直301重定向的解决 Sam Wu 2020年2月1日 • 2 min read samwu@SAMWU ~$ curl -v https://naizhao.com/ * Trying 127.0.0.1... * TCP_NODELAY set * Connected to naizhao.com (127.0.0.1) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * successfully set certificate verify locations: * CAfile: /etc/ssl/cert.pem CApath: none * TLSv1.2 (OUT), TLS handshake, Client hello (1): * TLSv1.2 (IN), TLS handshake, Server hello (2): * TLSv1.2 (IN), TLS handshake, Certificate (11): * TLSv1.2 (IN), TLS handshake, Server key exchange (12): * TLSv1.2 (IN), TLS handshake, Server finished (14): * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): * TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1): * TLSv1.2 (OUT), TLS handshake, Finished (20): * TLSv1.2 (IN), TLS change cipher, Change cipher spec (1): * TLSv1.2 (IN), TLS handshake, Finished (20): * SSL connection using TLSv1.2 / ECDHE-ECDSA-AES256-GCM-SHA384 * ALPN, server accepted to use h2 * Server certificate: * subject: C=CN; ST=GuangDong; L=GuangZhou; O=Super, Inc.; OU=IT; CN=*.naizhao.com * start date: Jan 5 00:00:00 2020 GMT * expire date: Jan 12 12:00:00 2022 GMT * subjectAltName: host "naizhao.com" matched cert's "naizhao.com" * issuer: C=CN; O=TrustAsia Technologies, Inc.; CN=TrustAsia ECC OV TLS Pro CA G2 * SSL certificate verify ok. * Using HTTP2, server supports multi-use * Connection state changed (HTTP/2 confirmed) * Copying HTTP/2 data in stream buffer to connection buffer after upgrade: len=0 * Using Stream ID: 1 (easy handle 0x7fb6c2001400) > GET / HTTP/2 > Host: naizhao.com > User-Agent: curl/7.64.1 > Accept: */* > * Connection state changed (MAX_CONCURRENT_STREAMS == 250)! < HTTP/2 301 < cache-control: public, max-age=31536000 < content-type: text/plain; charset=utf-8 < date: Fri, 31 Jan 2020 15:54:22 GMT < location: https://naizhao.com/ < server: Caddy < strict-transport-security: max-age=31536000; includeSubDomains; preload < vary: Accept, Accept-Encoding < x-content-type-options: nosniff < x-download-options: noopen < x-frame-options: SAMEORIGIN < x-permitted-cross-domain-policies: none < x-powered-by: Express < x-robots-tag: none < x-xss-protection: 1; mode=block < content-length: 51 < * Connection #0 to host naizhao.com left intact Moved Permanently. Redirecting to https://naizhao.com/* Closing connection 0 Ghost一直301重定向这是因为Ghost的config.json配置了URL是https://xxx.xxx,但浏览器的header并没有正确传给后端。解决方法是在nginx或者caddy里面,加上X-Forwarded-Proto proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Real-IP $remote_addr; proxy_set_header Host $http_host; Nginx.conf proxy / 127.0.0.1:2368 { transparent } Caddyfile v1 reverse_proxy { to 127.0.0.1:2368 header_up Host {http.request.host} header_up X-Real-IP {http.request.remote} header_up X-Forwarded-For {http.request.remote} header_up X-Forwarded-Port {http.request.port} header_up X-Forwarded-Proto {http.request.scheme} } Caddyfile v2