如何将proxy_pass后的HTTPS协议保存为HTTP协议?

How to save HTTPS protocol after proxy_pass to HTTP protocol?

我在同一网络中有 3 个 docker 个容器:

  1. 存储 (golang) - 它提供API上传视频文件。
  2. Streamer (nginx) - 它流式传输上传的文件
  3. 反向代理(姑且称之为代理)

我在用户和代理之间有 HTTPS 协议。

假设有一个文件 id=c14de868-3130-426a-a0cc-7ff6590e9a1f 并且用户想要查看它。因此,用户向 https://stream.example.com/hls/master.m3u8?id=c14de868-3130-426a-a0cc-7ff6590e9a1f 发出请求。 Streamer 知道视频 ID(来自查询参数),但它不知道视频的路径,因此它向存储发出请求并为视频路径交换视频 ID。实际上它确实 proxy_pass 到 http://docker-storage/getpath?id=c14de868-3130-426a-a0cc-7ff6590e9a1f.

docker-storage in an upstream server. And protocol is http, because I have no SSL-connection between docker containers in local network.

Streamer 获取文件路径后开始流式传输。但是用户的浏览器开始抛出 Mixed Content Type 错误,因为第一个请求抛出 HTTPS 并且在 proxy_pass 之后它变成了 HTTP.

这是nginx.conf文件(它是一个Streamer容器):

worker_processes auto;

events {
  use epoll;
}

http {
  error_log stderr debug;

  default_type application/octet-stream;

  sendfile    on;
  tcp_nopush  on;
  tcp_nodelay on;

  vod_mode                           local;
  vod_metadata_cache                 metadata_cache 16m;
  vod_response_cache                 response_cache 512m;
  vod_last_modified_types            *;
  vod_segment_duration               9000;
  vod_align_segments_to_key_frames   on;
  vod_dash_fragment_file_name_prefix "segment";
  vod_hls_segment_file_name_prefix   "segment";

  vod_manifest_segment_durations_mode accurate;

  open_file_cache          max=1000 inactive=5m;
  open_file_cache_valid    2m;
  open_file_cache_min_uses 1;
  open_file_cache_errors   on;

  aio on;

  upstream docker-storage {
    # There is a docker container called storage on the same network
    server storage:9000;
  }

  server {
    listen 9000;
    server_name localhost;
    root /srv/static;

    location = /exchange-id-to-path {
      proxy_pass $auth_request_uri;
      proxy_pass_request_body off;

      proxy_set_header Content-Length "";
      proxy_set_header X-Real-IP $remote_addr;
      proxy_set_header X-Original-URI $request_uri;

      # I tried to experiment with this header
      proxy_set_header X-Forwarded-Proto https;

      set $filepath $upstream_http_the_file_path;
    }

    location /hls {
      # I use auth_request module just to get the path from response header (The-File-Path)
      set $auth_request_uri "http://docker-storage/getpath?id=$arg_id";
      auth_request /exchange-id-to-path;
      auth_request_set $filepath $upstream_http_the_file_path;

      # Here I provide path to the file I want to stream
      vod hls;
      alias $filepath/$arg_id;
    }
  }
}

这是浏览器控制台的屏幕截图:

这是成功 (200) 请求的响应:

#EXTM3U
#EXT-X-STREAM-INF:PROGRAM-ID=1,BANDWIDTH=1470038,RESOLUTION=1280x720,FRAME-RATE=25.000,CODECS="avc1.4d401f,mp4a.40.2"
http://stream.example.com/hls/index-v1-a1.m3u8

#EXT-X-I-FRAME-STREAM-INF:BANDWIDTH=171583,RESOLUTION=1280x720,CODECS="avc1.4d401f",URI="http://stream.example.com/hls/iframes-v1-a1.m3u8"

问题是proxy_pass后的https协议如何保存到http?

p.s. 我使用 Kaltura nginx-vod-module 来播放视频文件。

我认为 proxy_pass 不是这里的问题。当 vod 模块 returns 索引路径时,它使用绝对 URL 和 HTTP 协议。相对 URL 应该足够了,因为索引文件和块在同一个域下(如果我理解正确的话)。

尝试设置 vod_hls_absolute_index_urls off;(以及 vod_hls_absolute_master_urls off;),这样您的浏览器应该使用 HTTPS.

发送相对于 stream.example.com 域的请求