我正试图通过使用HA代理后面的C#.Net HttpContext.Current.Request.url.AbsoluteUri来获取url,但即使我输入**https://**app02.mywebsite.com.br/teste.aspx,我也会得到**http://**app02.mywebsite.com.br/teste.spx.
它总是从https更改为http。
如果我这样做而不落后,如果我能得到正确的URL。
如果有人知道会发生什么,我会很感激的!
这是我用来测试这个问题的代码。
<%@ Page Language="C#" Debug="true" %>
<%
Response.Write(HttpContext.Current.Request.Url.AbsoluteUri);
%>
这是我的HA代理前端配置。
frontend main
bind *:80
bind *:443 ssl crt /etc/haproxy/certificates/my-2023.pem
mode http
http-request set-header X-Client-IP %[hdr(X-Forwarded-For)]
http-request set-header X-Forwarded-For %[hdr(X-Forwarded-For)]
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
redirect scheme https code 301 if !{ ssl_fc }
http-response replace-header Set-Cookie (.*) 1; Secure
http-response replace-header Set-Cookie (.*) 1; HttpOnly
http-response set-header X-Server %s
感谢
这是我的完整haprox.cfg
global
log 127.0.0.1 local0
chroot /var/lib/haproxy
user haproxy
group haproxy
daemon
stats socket /var/run/haproxy.sock mode 664 level admin
stats timeout 2m
tune.ssl.default-dh-param 2048
defaults
mode http
monitor-uri /health_check
log global
option dontlognull
option httplog
option forwardfor
option http-keep-alive
timeout connect 2700s
timeout client 2700s
timeout server 2700s
listen stats
bind :9000
mode http
balance
timeout client 5s
timeout connect 4s
timeout server 30s
stats uri /haproxy_stats
stats realm HAProxy Statistics
stats auth admin:admin
stats admin if TRUE
frontend main
bind *:80
bind *:443 ssl crt /etc/haproxy/certificates/efp-2023.pem
mode http
redirect scheme https code 301 if !{ ssl_fc }
acl is_cf src -f /etc/haproxy/cf-ips-v4
http-request set-header X-Client-IP %[hdr(X-Forwarded-For)] if !is_cf
http-request set-header X-Client-IP %[hdr(cf-connecting-ip)] if is_cf
http-request set-header X-Forwarded-For %[hdr(X-Forwarded-For)]
http-request set-header X-Forwarded-Port %[dst_port]
http-request add-header X-Forwarded-Proto https if { ssl_fc }
http-response replace-header Set-Cookie (.*) 1; Secure
http-response replace-header Set-Cookie (.*) 1; HttpOnly
http-response set-header X-Server %s
#############################
######### Frontends #########
#############################
## efp WS FrontEnd
acl is_efp_uptime hdr_dom(Host) -i wsxnew.efp.com.br wsx.efp.com.br
use_backend be_efp_uptime if is_efp_uptime
## efp SITE FrontEnd
acl is_x_uptime hdr_dom(Host) -i xnew.efp.com.br x.efp.com.br x1.efp.com.br
use_backend be_x_uptime if is_x_uptime
###########################
####### Backends ##########
###########################
## efp WS BackEnd
backend be_efp_uptime
cookie SERVERID insert indirect nocache
server app01 10.100.83.227:80 check
## efp SITE BackEnd
backend be_x_uptime
cookie SERVERID insert indirect nocache
server x01 10.100.83.227:80 check
我会将redirect scheme https code 301 if !{ ssl_fc }直接放在mode http之后。
由于您尚未将后端和服务器行放入输出中,我假设haproxy已配置为与应用程序进行http通信。正因为如此,应用程序才不知道orgin通信是通过https完成的。正如@mcont已经提到的,您需要告诉应用程序客户端通信是通过https完成的。
打印标题X-Forwarded-Proto,而不仅仅是uri,然后你会看到haproxy网站上的通信是否通过https完成。