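Environment

My home broadband has no public IP address, so the only option is to use frp for NAT traversal. Discuz is installed on the internal server 10.10.10.200.

Project configuration

frpc configuration:

Internal Discuz virtual host configuration

nginx virtual host configuration: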

    server {
        listen 80;
        server_name blog.xxx.com;

        location / {
            root /data/website/discuz/upload;
            index index.php;

            rewrite ^([^\.]*)/topic-(.+)\.html$ $1/portal.php?mod=topic&topic=$2 last;
            rewrite ^([^\.]*)/article-([0-9]+)-([0-9]+)\.html$ $1/portal.php?mod=view&aid=$2&page=$3 last;
            rewrite ^([^\.]*)/forum-(\w+)-([0-9]+)\.html$ $1/forum.php?mod=forumdisplay&fid=$2&page=$3 last;
            rewrite ^([^\.]*)/thread-([0-9]+)-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=viewthread&tid=$2&extra=page%3D$4&page=$3 last;
            rewrite ^([^\.]*)/group-([0-9]+)-([0-9]+)\.html$ $1/forum.php?mod=group&fid=$2&page=$3 last;
            rewrite ^([^\.]*)/space-(username|uid)-(.+)\.html$ $1/home.php?mod=space&$2=$3 last;
            rewrite ^([^\.]*)/blog-([0-9]+)-([0-9]+)\.html$ $1/home.php?mod=space&uid=$2&do=blog&id=$3 last;
            rewrite ^([^\.]*)/(fid|tid)-([0-9]+)\.html$ $1/archiver/index.php?action=$2&value=$3 last;
            rewrite ^([^\.]*)/([a-z]+[a-z0-9_]*)-([a-z0-9_\-]+)\.html$ $1/plugin.php?id=$2:$3 last;
            if (!-e $request_filename) {
                return 404;
            }
        }


        location ~ \.php$ {
            root /data/website/discuz/upload;
            fastcgi_pass 127.0.0.1:9000;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;
        }
    }

Public Discuz virtual host configuration

Public nginx virtual host configuration:

    server {
        listen 80;
        listen 443 ssl;

        server_name blog.leazhi.com;

        ssl_certificate /usr/local/ssl/leazhi.com/blog.leazhi.com/blog.leazhi.com_bundle.pem;
        ssl_certificate_key /usr/local/ssl/leazhi.com/blog.leazhi.com/blog.leazhi.com.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        #
        charset utf-8;

        client_max_body_size 50m;

        if ( $ssl_protocol = "" ) {
            rewrite ^ https://$host$request_uri?;
        }

        location / {

            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

            proxy_pass http://127.0.0.1:8000;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-For $scheme;
            proxy_set_header Host $host;
            proxy_set_header X-Forward-Proto https;
            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
    }

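Reproducing the problem

1. The front-end home page renders with a broken layout, while the admin back end works normally, as shown below:

1.1. Front end, broken layout:

1.2. Back end, normal:

2. Opening the browser's F12 developer tools shows:

Troubleshooting

Everything I found online says to change the relevant URLs in the Discuz admin panel from http to https, but after I made those changes the problem remained!

1. First change: Discuz admin panel -> Site Info -> Global -> Site URL, as shown:

2. Second change: Discuz admin panel -> Webmaster -> UCenter Settings -> UCenter access address, as shown:

3. Third change: UCenter user management center -> Application Management -> Application List; change the application's main URL to https, as shown:

Solution

1. Modify the public Discuz virtual host configuration (no other configuration needs to change): below the existing proxy_set_header lines, add the two lines proxy_set_header X-Real-IP $remote_addr; and proxy_set_header X-Forwarded-Proto $scheme;, as follows: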

    server {
        listen 80;
        listen 443 ssl;

        server_name blog.leazhi.com;

        ssl_certificate /usr/local/ssl/leazhi.com/blog.leazhi.com/blog.leazhi.com_bundle.pem;
        ssl_certificate_key /usr/local/ssl/leazhi.com/blog.leazhi.com/blog.leazhi.com.key;
        ssl_session_cache shared:SSL:1m;
        ssl_session_timeout 5m;
        ssl_ciphers HIGH:!aNULL:!MD5;
        ssl_prefer_server_ciphers on;
        #
        charset utf-8;

        client_max_body_size 50m;

        # Redirect plain-HTTP requests to HTTPS
        if ( $ssl_protocol = "" ) {
            rewrite ^ https://$host$request_uri?;
        }

        location / {

            add_header Access-Control-Allow-Origin *;
            add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
            add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';

            proxy_pass http://127.0.0.1:8000;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            # Note: this second X-Forwarded-For line passes the scheme, not a client address
            proxy_set_header X-Forwarded-For $scheme;
            proxy_set_header Host $host;
            # Note: X-Forward-Proto is not the conventional header name; X-Forwarded-Proto is added below
            proxy_set_header X-Forward-Proto https;
            proxy_http_version 1.1;
            #proxy_set_header Upgrade $http_upgrade;
            #proxy_set_header Connection "upgrade";
            # Add the following two lines
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
    }

2. Then reload the nginx service:

    nginx -t && nginx -s reload

3. Refresh the page again; it now loads normally:
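
A small lint for the forwarding headers of the public virtual host, as an added example that is not part of the original post: it checks proxy_set_header lines for a missing X-Forwarded-Proto on a TLS front end that proxies to plain HTTP, for headers set more than once, and for misnamed or mis-valued entries. The rule set, the PROTO_TYPOS list and the function name lint_forwarded_headers are assumptions of this example; BEFORE and AFTER are constructed from the two public configurations shown above.

```python
import re

# Constructed sample: the relevant lines of the page's public vhost,
# before and after the two added proxy_set_header lines.
BEFORE = """
listen 443 ssl;
proxy_pass http://127.0.0.1:8000;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-For $scheme;
proxy_set_header Host $host;
proxy_set_header X-Forward-Proto https;
"""
AFTER = BEFORE + """
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
"""

# Active (uncommented) proxy_set_header directives: name, value.
DIRECTIVE = re.compile(r"^[ \t]*proxy_set_header\s+(\S+)\s+(.+?);", re.M)
# Assumed list of near-miss spellings; extend as needed.
PROTO_TYPOS = {"x-forward-proto", "x-fowarded-proto", "x-forwarded-prot"}

def lint_forwarded_headers(conf):
    """Return a list of findings for the proxy_set_header lines in conf."""
    seen = {}
    for name, value in DIRECTIVE.findall(conf):
        seen.setdefault(name.lower(), []).append(value.strip())
    tls_front = re.search(r"^[ \t]*listen\s+[^;]*\bssl\b", conf, re.M)
    plain_back = re.search(r"^[ \t]*proxy_pass\s+http://", conf, re.M)
    findings = []
    # TLS ends at nginx, so the backend only learns the scheme from a header.
    if tls_front and plain_back and "x-forwarded-proto" not in seen:
        findings.append("missing X-Forwarded-Proto")
    for name, values in seen.items():
        if len(values) > 1:
            findings.append(f"{name} set {len(values)} times")
        if name == "x-forwarded-for" and any("$scheme" in v for v in values):
            findings.append("x-forwarded-for carries $scheme")
        if name in PROTO_TYPOS:
            findings.append(f"{name} looks like a typo of x-forwarded-proto")
    return findings

if __name__ == "__main__":
    for label, conf in (("before", BEFORE), ("after", AFTER)):
        print(label, lint_forwarded_headers(conf))
```

On the fixed configuration the missing-header finding disappears, while the duplicate X-Forwarded-For line and the X-Forward-Proto name are still reported.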