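nginx reverse proxy: "blocked loading mixed active content" error

Recently, when accessing the WordPress admin panel, pages often loaded incompletely or came up completely blank. The browser's developer console showed this error: ************ was loaded over HTTPS, but requested an insecure XMLHttpRequest endpoint ‘***************‘. This request has been blocked; the content must be served over HTTPS.

The cause is that current browsers block mixed content by default. It can be worked around through the browser's site settings.

Since this only started after WordPress was put behind a reverse proxy, I wondered whether an nginx reverse-proxy setting could solve the problem. The fix is to add the following to the server or location block of the nginx configuration file: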

add_header Content-Security-Policy upgrade-insecure-requests;

Then restart nginx. This way there is no need to adjust the settings of every browser on every computer.

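Reverse proxying qbittorrent-nox with nginx

qbittorrent-nox settings

  • Change the qbittorrent-nox web UI listen address

I looked through the qbittorrent-nox help output and found no option for the listen address, only for the port. The listen IP address can be changed after logging in to the qbittorrent-nox web UI; the default is *.

Under Tools - Options - Web UI - Web User Interface (Remote control), change IP address: to 127.0.0.1. After a restart, qbittorrent-nox can no longer be reached from external addresses.

  • Restart qbittorrent-nox

Restart qbittorrent-nox through its systemd service; for details see "Using the qbittorrent-nox web UI on Debian 10".

 sudo systemctl restart qbittorrent-nox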

nginx reverse proxy

  • Add the reverse proxy configuration

 location /qbit/ {
     proxy_pass http://127.0.0.1:8080/;
     proxy_http_version      1.1;
     proxy_set_header        X-Forwarded-Host        $http_host;
     http2_push_preload on; # Enable http2 push
 }

  • Enable nginx HTTP basic authentication (auth_basic)

    • Create the credentials file with htpasswd:

       # htpasswd -c /etc/nginx/qbit.passwd qbit

    • Use the credentials file in the nginx location block that proxies qbittorrent-nox

 location /qbit/ {
     auth_basic "Welcome Qbittorrent";
     auth_basic_user_file /etc/nginx/qbit.passwd;
     proxy_pass http://127.0.0.1:8080/;
     proxy_http_version      1.1;
     proxy_set_header        X-Forwarded-Host        $http_host;
     http2_push_preload on; # Enable http2 push
 }

  • Restart nginx

 # systemctl restart nginx

The qbittorrent-nox web UI can now be reached through nginx at http://yourdomain/qbit

Nextcloud issues

The test with getenv(“PATH”) only returns an empty response

Edit www.conf in the php-fpm configuration, uncomment the following lines, and restart PHP:

;env[HOSTNAME] = $HOSTNAME
;env[PATH] = /usr/local/bin:/usr/bin:/bin
;env[TMP] = /tmp
;env[TMPDIR] = /tmp
;env[TEMP] = /tmp

Nextcloud rewrite rules for nginx. Add the following to the site configuration:

 location ~ ^/(data|config|\.ht|db_structure\.xml|README) {
     deny all;
 }

The “Strict-Transport-Security” HTTP header is not configured to least “15552000” seconds. For enhanced security we recommend enabling HSTS as described in our security tips.

Add the following to the site's SSL configuration file (for apache2, enable the headers module first: a2enmod headers)

NGINX:

add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";

APACHE:

 Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
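
To confirm that the two add_header lines on this page (the upgrade-insecure-requests CSP and the HSTS header) actually reach the browser, the following added example, which is not part of the original post, audits response headers as printed by curl -sI against the 15552000-second threshold from the Nextcloud warning. The sample responses are constructed; the second one models nginx's rule that a location block with its own add_header no longer inherits the add_header lines set at server level.

```python
NEXTCLOUD_MIN_HSTS = 15552000  # threshold quoted in the Nextcloud warning above

def parse_headers(raw):
    """Parse `curl -sI` style output into {lowercased-name: [values]}."""
    headers = {}
    for line in raw.splitlines()[1:]:          # skip the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def hsts_max_age(value):
    """Return max-age in seconds from an HSTS value, or None if absent/invalid."""
    for directive in value.split(";"):
        key, _, val = directive.strip().partition("=")
        if key.strip().lower() == "max-age":   # directive names are case-insensitive
            val = val.strip().strip('"')       # RFC 6797 allows a quoted value
            return int(val) if val.isdigit() else None
    return None

def audit(raw):
    """Return a list of findings; an empty list means both headers look right."""
    headers = parse_headers(raw)
    findings = []
    hsts = headers.get("strict-transport-security", [])
    if not hsts:
        findings.append("HSTS header missing")
    else:
        age = hsts_max_age(hsts[0])            # browsers process only the first HSTS header
        if age is None or age < NEXTCLOUD_MIN_HSTS:
            findings.append(f"HSTS max-age {age} is below {NEXTCLOUD_MIN_HSTS}")
    csp = [d.strip().lower() for v in headers.get("content-security-policy", [])
           for d in v.split(";")]
    if "upgrade-insecure-requests" not in csp:
        findings.append("CSP lacks upgrade-insecure-requests")
    return findings

# Constructed sample responses (not captured from a real server).
SERVER_LEVEL = ("HTTP/1.1 200 OK\r\n"
    "Strict-Transport-Security: max-age=63072000; includeSubdomains; preload\r\n"
    "Content-Security-Policy: upgrade-insecure-requests\r\n")
# A location block with its own add_header stops inheriting server-level ones,
# so HSTS set only at server level disappears from this response.
LOCATION_OVERRIDE = ("HTTP/1.1 200 OK\r\n"
    "Content-Security-Policy: upgrade-insecure-requests\r\n")
SHORT_HSTS = "HTTP/1.1 200 OK\r\nStrict-Transport-Security: max-age=\"3600\"\r\n"

if __name__ == "__main__":
    for name in ("SERVER_LEVEL", "LOCATION_OVERRIDE", "SHORT_HSTS"):
        print(name, audit(globals()[name]) or "ok")
```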

 

Some WordPress notes

PHP: in /etc/php5/fpm/pool.d/www.conf, listen on TCP instead of the Unix socket:

 ;listen = /var/run/php5-fpm.sock
 listen = 127.0.0.1:9000
 listen.allowed_clients = 127.0.0.1

Nginx Site Config

 location ~ \.php$ {
     try_files $uri =404;
     fastcgi_split_path_info ^(.+\.php)(/.+)$;

     # NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini

     # With php5-cgi alone:
     fastcgi_pass 127.0.0.1:9000;
     # With php5-fpm:
     #fastcgi_pass unix:/var/run/php5-fpm.sock;
     fastcgi_index index.php;
     fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
     include fastcgi_params;
 }

WordPress Rewrite

Add the following content to the location / block:

 location / {
     if (!-e $request_filename) {
         rewrite (.*) /index.php;
     }
 }

Database

CREATE DATABASE wp;

GRANT ALL PRIVILEGES ON wp.* TO "wpuser"@"localhost" IDENTIFIED BY "password";