背景
项目添加ssl证书后,APP/WEB端已经修改访问接口域名,但是多次查看日志均为http.
项目架构
AWS route53 –> ALB –> 目标群组(端口80) –> EC2
ALB挂载ssl证书,侦听器设置了两个规则
- 80重定向到443(可以直接访问域名为https)
- 443转发目标组80端口
问题
接口访问URL为HTTPS
日志记录为HTTP
打印日志代码
| // 访问日志 | |
| CommonLog::writeAccessLog($request->url() . " parameters=" . json_encode($request->input())); |
这是我打印请求的server的信息
其中HTTP_REFERER,HTTP_ORIGIN,HTTP_X_FORWARDED_PORT,HTTP_X_FORWARDED_PROTO 信息都是HTTPS
REQUEST_SCHEME,SERVER_PORT(这里是因为目标组和EC2端口为80)
探究
| // 底层包路径 vendor\symfony\http-foundation\Request.php | |
| /** | |
| * Checks whether the request is secure or not. | |
| * | |
| * This method can read the client protocol from the "X-Forwarded-Proto" header | |
| * when trusted proxies were set via "setTrustedProxies()". | |
| * | |
| * The "X-Forwarded-Proto" header must contain the protocol: "https" or "http". | |
| * | |
| * @return bool | |
| */ | |
| public function isSecure() | |
| { | |
| if ($this->isFromTrustedProxy() && $proto = $this->getTrustedValues(self::HEADER_X_FORWARDED_PROTO)) { | |
| return \in_array(strtolower($proto[0]), ['https', 'on', 'ssl', '1'], true); | |
| } | |
| $https = $this->server->get('HTTPS'); | |
| return !empty($https) && 'off' !== strtolower($https); | |
| } |
官方说包含这个X-Forwarded-Proto为https
我的HTTP_X_FORWARDED_PROTO这个显示为https,有知道的可以给说下原因
nginx配置
