nginx无法跳转到开启ssl的o2oa的首页 - 问题反馈 - 藕粉社区 - O2OA(翱途)开发平台

论坛管理员 发表于 2023-2-28 16:15:56

前端f12看看，哪个地址访问不了

meijinmeng 发表于 2023-3-1 14:47:44

论坛管理员发表于 2023-2-28 16:15
前端f12看看，哪个地址访问不了

大佬看下附件截图，是不是跨域了？首页显示不出来。

server {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header REMOTE-HOST $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

listen 443 ssl;
server_name oa.sit.yintaerp.com;
ssl_certificate_key /usr/local/openresty/nginx/conf/certs/oa.sit.yintaerp.com.key;
ssl_certificate /usr/local/openresty/nginx/conf/certs/oa.sit.yintaerp.com.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
ssl_prefer_server_ciphers on;
location / {
   proxy_pass https://192.168.3.214:443;
}
}

server {
      listen 80;
      server_name oa.sit.yintaerp.com;
      #将请求转成https
      rewrite ^/(.*)$ https://192.168.3.214:443/$1 permanent;
}
~

启蒙星 发表于 2023-3-2 09:15:00

ssl已经被nginx解析了，o2不要再开启ssl，文档也是这么示例的

meijinmeng 发表于 2023-3-2 11:17:41

启蒙星发表于 2023-3-2 09:15
ssl已经被nginx解析了，o2不要再开启ssl，文档也是这么示例的

server {
   listen 80;
      proxy_http_version 1.1;
      proxy_set_header Upgrade $http_upgrade;
      proxy_set_header Connection "upgrade";
      proxy_set_header Host $host;
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header REMOTE-HOST $remote_addr;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

   server_name oa.sit.yintaerp.com;
      add_header Access-Control-Allow-Origin *;
      add_header Access-Control-Allow-Methods 'GET, POST, PATCH, DELETE, PUT, OPTIONS';
      add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization,Language';
   #将请求转成https
   #rewrite ^/(.*)$ https://192.168.3.214:443/$1 permanent;
      location / {
         proxy_pass http://192.168.3.214;
   }

   location /oa/crossLogin {
      include uwsgi_params;
      proxy_pass https://erp.erp-sit.yintaerp.com/oa/crossLogin;
   }

}

#关闭了ssl，http也转不过去无法访问资源，知道这啥问题吗

启蒙星 发表于 2023-3-2 15:57:38

o2的node文件配置和nginx的config文件配置都传上来我对照下

hppys 发表于 2023-9-25 15:42:54

meijinmeng 发表于 2023-2-28 13:31
按照官方开启ssl的方法开启的443，想用nginx跳转过去

请问这个最后怎么解决这个问题的，我的也是web一直在转圈转不过去

meijinmeng 发表于 2023-10-8 09:13:57

hppys 发表于 2023-9-25 15:42
请问这个最后怎么解决这个问题的，我的也是web一直在转圈转不过去

#最后Nginx配置：
server {
listen 80;
server_name oa.example.com;
rewrite ^/(.*)$ https://oa..com/$1 permanent;

}

server {
listen 443 ssl http2;
server_name oa.example.com oa-20020.example.com oa-20030.example.com;
client_max_body_size 200m;
ssl_protocols TLSv1.3 TLSv1.2;
ssl_prefer_server_ciphers off;
ssl_certificate    /usr/local/openresty/nginx/conf/certs/5365854__example.com.pem;
ssl_certificate_key/usr/local/openresty/nginx/conf/certs/5365854__example.com.key;
ssl_ciphers "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384";
#include conf.d/ip_limit;
#proxy_intercept_errors off;
add_header Access-Control-Allow-Methods 'PUT,POST,GET,DELETE,OPTIONS';
add_header Access-Control-Allow-Origin oa.example.com;
add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
add_headerAccess-Control-Allow-Credentialstrue;
location / {
   proxy_buffer_size 512k;
   proxy_buffers 4 512k;
   proxy_busy_buffers_size 512k;
   proxy_temp_file_write_size 512k;
   proxy_set_header Host $http_host;
   proxy_set_header REMOTE_ADDR $remote_addr;
   proxy_set_header X-Real-IP $remote_addr;
   #proxy_set_header X-Forwarded-For $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto$scheme;
   proxy_redirect off;
   proxy_http_version 1.1;
   proxy_set_header Upgrade $http_upgrade;
   proxy_set_header Connection "Upgrade";
   proxy_hide_header 'access-control-allow-origin';
   add_header 'access-control-allow-origin' '*';
   proxy_next_upstream http_500 http_502 http_503 error timeout;
   proxy_pass http://ingress;
}

}

#主要是o2oa里面配置里所有转为443
{
"enable": true,
"center": {
"enable": true,
"order": 0,
"sslEnable": false,
"port": 20020,
"httpProtocol": "https",
"proxyHost": "oa.example.com",
"proxyPort": 443
},
"application": {
"enable": true,
"port": 20020,
"sslEnable": false,
"proxyHost": "oa.example.com",
"proxyPort": 443,
"includes": [],
"excludes": [
"com.x.base.core.project.x_mind_assemble_control",
"com.x.base.core.project.x_meeting_assemble_control",
"com.x.base.core.project.x_attendance_assemble_control"
]
},
"web": {
"enable": true,
"port": 20020,
"sslEnable": false,
"proxyHost": "oa.example.com",
"proxyPort": 443,
"proxyCenterEnable": true,
"proxyApplicationEnable": true,
"proxyTimeOut": 300
},
"data": {
"enable": false,
"tcpPort": 20050,
"webPort": 20051,
"includes": [],
"excludes": [],
"jmxEnable": false,
"cacheSize": 512,
"logLevel": "WARN",
"maxTotal": 50,
"maxIdle": 0,
"statEnable": false,
"statFilter": "mergeStat",
"slowSqlMillis": 2000,
"lockTimeout": 120000
},
"storage": {
"enable": true,
"port": 20040,
"sslEnable": false,
"name": "251",
"prefix": "",
"deepPath": false
},
"dumpData": {
"enable": false,
"cron": "",
"size": 7,
"path": ""
},
"restoreData": {
"enable": false,
"cron": "",
"path": ""
},
"nodeAgentEnable": true,
"nodeAgentPort": 20010,
"nodeAgentEncrypt": true,
"autoStart": true,
"selfHealthCheckEnable": false
}

页: 1 [2]

藕粉社区's Archiver