1. 技术文章
  2. “no-referrer-when-downgrade error” Angular app on Firebase connecting to NGINX Jelastic

“no-referrer-when-downgrade error” Angular app on Firebase connecting to NGINX Jelastic

 ̄綄美尐妖づ 提交于 2020-03-05 06:07:03

问题


I have the following architecture:

  • An Angular webapp hosted on Google Firebase (HTTPS)
  • A jelastic environment with:
    • An NGINX server (HTTPS)
    • A Springboot 2 application server (HTTP)

In order to work fine Firebase needs to use HTTPS API, so I added to the NGINX server an SSL certificate and a public IP. If I call the API using HTTP from postman the calls work fine. But if I call the API HTTPS from the Angular app in firebase than it doesn't work and I get this error: "Referrer Policy: no-referrer-when-downgrade" - net::ERR_CONNECTION_REFUSED.

I saw this question but I was not able to fix the problem.

This is the nginx conf file. I replaced the IP addresses with XXX.XXX.XXX.XXX


######## HTTP SECTION PROTOTYPE ########

http {
    server_tokens off ;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        set_real_ip_from  192.168.0.0/16;
        set_real_ip_from  10.0.0.0/8;
        set_real_ip_from  172.16.0.0/16;
        real_ip_header    X-Forwarded-For;
        real_ip_recursive on;

    log_format  main  '$remote_addr:$http_x_remote_port - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" '
                      '"$host" sn="$server_name" '
                      'rt=$request_time '
                      'ua="$upstream_addr" us="$upstream_status" '
                      'ut="$upstream_response_time" ul="$upstream_response_length" '
                      'cs=$upstream_cache_status' ;


        client_header_timeout 10m;
        client_body_timeout 10m;
        send_timeout 10m;
        client_max_body_size 100m;

        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 2k;
        request_pool_size 4k;

#        gzip on;
        gzip_min_length 1100;
        gzip_buffers 4 8k;
        gzip_types text/plain;

        output_buffers 1 32k;
        postpone_output 1460;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;

        keepalive_timeout 75 20;

        ignore_invalid_headers on;

    map $upstream_addr        $group {
        default               "";
    ### MAPPING FOLLOWS HERE ###
    ### ~XXX\.XXX\.XXX\.XXX\:XX$   $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this! 
~XXX\.XXX\.XXX\.XXX\:80$ common; ### MAPPROTO for common ###
    }

    ### DEFAULT UPSTREAM FOLLOWS HERE ###
    upstream default_upstream{
    ### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ###
server XXX.XXX.XXX.XXX;   ### DEFUPPROTO for common ###
    sticky path=/; keepalive 100;
}



    ### UPSTREAMS LIST FOLLOWS HERE ###
        #upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! }
upstream common {   server XXX.XXX.XXX.XXX ;  sticky path=/; keepalive 100; } ### UPSTREAMPROTO for common ###


        #GFADMIN

        server {
                listen *:80;
                listen [::]:80;
                server_name  _;

                #add_header Referrer-Policy "no-referrer"; # by Paolo

                access_log /var/log/nginx/localhost.access_log main;
                error_log /var/log/nginx/localhost.error_log info;

        #ModSecurityEnabled on;
        #ModSecurityConfig /etc/nginx/conf.d/modsecurity/modsec_includes.conf;

                proxy_temp_path /var/nginx/tmp/;
                proxy_connect_timeout 5s;

                error_page   500 502 503 504  /50x.html;

                proxy_next_upstream error timeout http_500;
                proxy_http_version 1.1;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Host $http_host;
                proxy_set_header X-Forwarded-For $http_x_forwarded_for;
                proxy_set_header X-Remote-Port $http_x_remote_port;
                proxy_set_header X-URI $uri;
                proxy_set_header X-ARGS $args;
                proxy_set_header Refer $http_refer;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                if ($http_x_remote_port = '' ) {
                    set $http_x_remote_port $remote_port;
                }

                location = /50x.html {
                        root   html;
                }

                location / {
                        if ($cookie_SRVGROUP ~ group|common) {
                                proxy_pass http://$cookie_SRVGROUP;
                                error_page   500 502 503 504 = @rescue;
                        }

                        if ($cookie_SRVGROUP !~ group|common) {
                                add_header Set-Cookie "SRVGROUP=$group; path=/";
                        }
                        proxy_pass http://default_upstream;
                        add_header Set-Cookie "SRVGROUP=$group; path=/";
                }

                location @rescue {
                        proxy_pass http://default_upstream;
                        add_header Set-Cookie "SRVGROUP=$group; path=/";
                }


                #USERLOCATIONS
        }

#        server {
#                listen *:8001;
#                server_name  backup.local;
#
#           location / {
#                        proxy_pass http://default_upstream;
#                        add_header Set-Cookie "SRVGROUP=$group; path=/";
#                        proxy_http_version 1.1;
#                        proxy_set_header Host $host;
#                        proxy_set_header X-Real-IP $remote_addr;
#                        proxy_set_header X-Host $http_host;
#                        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
#                        proxy_set_header X-URI $uri;
#                        proxy_set_header X-ARGS $args;
#                        proxy_set_header Refer $http_refer;
#                        proxy_set_header Upgrade $http_upgrade;
#                        proxy_set_header Connection "upgrade";
#                }
#        }

 include /etc/nginx/conf.d/*.conf;

}

######## TCP SECTION PROTOTYPE ########

This is the content of conf.d/ssl.conf

#
# HTTPS server configuration
#

#server {
#    listen       443;
#    server_name  _;

#    ssl                  on;

#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;

#    ssl_session_timeout  5m;

#    ssl_protocols  SSLv2 SSLv3 TLSv1;
#    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#    ssl_prefer_server_ciphers   on;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}

while this is the content of conf.d/ssl.conf.disabled

#
# HTTPS server configuration
#

server {
    listen       443 http2;
    listen       [::]:443 http2;
    server_name  _;

    ssl                  on;
    ssl_certificate      /var/lib/jelastic/SSL/jelastic.chain;
    ssl_certificate_key  /var/lib/jelastic/SSL/jelastic.key;


    ssl_session_timeout  5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers '*****removed by me*****';

    ssl_prefer_server_ciphers   on;
    ssl_session_cache shared:SSL:10m;

    access_log /var/log/nginx/localhost.access_log main;
    error_log /var/log/nginx/localhost.error_log info;
    proxy_temp_path /var/nginx/tmp/;
    error_page   500 502 503 504  /50x.html;

    location = /50x.html {
                        root   html;
               }

    location / {
     set $upstream_name common;
include conf.d/ssl.upstreams.inc;

                        proxy_pass http://$upstream_name;
                        proxy_next_upstream error;
                        proxy_http_version 1.1;
                        proxy_set_header Upgrade $http_upgrade;
                        proxy_set_header Connection "upgrade";
                        proxy_set_header Host $host;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Host $http_host;
                        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
                        proxy_set_header X-URI $uri;
                        proxy_set_header X-ARGS $args;
                        proxy_set_header Refer $http_refer;
                        proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Ssl-Offloaded "1";
                }
}

回答1:


You should add:

add_header 'Referrer-Policy' 'origin';

to /etc/nginx/conf.d/ssl.conf



来源:https://stackoverflow.com/questions/60002830/no-referrer-when-downgrade-error-angular-app-on-firebase-connecting-to-nginx-j

标签
https
firebase-hosting
nginx-config
jelastic
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!