"no-referrer-when-downgrade error" Angular Firebase 上的应用连接到 NGINX Jelastic

"no-referrer-when-downgrade error" Angular app on Firebase connecting to NGINX Jelastic

我有以下架构:

为了正常工作,Firebase 需要使用 HTTPS API,所以我向 NGINX 服务器添加了一个 SSL 证书和一个 public IP。如果我使用来自邮递员的 HTTP 调用 API,则调用工作正常。但是,如果我从 firebase 中的 Angular 应用程序调用 API HTTPS,它就不起作用,我会收到此错误:"Referrer Policy: no-referrer-when-downgrade" - net::ERR_CONNECTION_REFUSED.

我看到了 个问题,但我无法解决问题。

这是 nginx 配置文件。我用 XXX.XXX.XXX.XXX

替换了 IP 地址

######## HTTP SECTION PROTOTYPE ########

http {
    server_tokens off ;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        set_real_ip_from  192.168.0.0/16;
        set_real_ip_from  10.0.0.0/8;
        set_real_ip_from  172.16.0.0/16;
        real_ip_header    X-Forwarded-For;
        real_ip_recursive on;

    log_format  main  '$remote_addr:$http_x_remote_port - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for" '
                      '"$host" sn="$server_name" '
                      'rt=$request_time '
                      'ua="$upstream_addr" us="$upstream_status" '
                      'ut="$upstream_response_time" ul="$upstream_response_length" '
                      'cs=$upstream_cache_status' ;


        client_header_timeout 10m;
        client_body_timeout 10m;
        send_timeout 10m;
        client_max_body_size 100m;

        connection_pool_size 256;
        client_header_buffer_size 1k;
        large_client_header_buffers 4 2k;
        request_pool_size 4k;

#        gzip on;
        gzip_min_length 1100;
        gzip_buffers 4 8k;
        gzip_types text/plain;

        output_buffers 1 32k;
        postpone_output 1460;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;

        keepalive_timeout 75 20;

        ignore_invalid_headers on;

    map $upstream_addr        $group {
        default               "";
    ### MAPPING FOLLOWS HERE ###
    ### ~XXX\.XXX\.XXX\.XXX\:XX$   $GROUPNAME; ### MAPPROTO ### This is mappings prototype line, do not remove this! 
~XXX\.XXX\.XXX\.XXX\:80$ common; ### MAPPROTO for common ###
    }

    ### DEFAULT UPSTREAM FOLLOWS HERE ###
    upstream default_upstream{
    ### server XXX.XXX.XXX.XXX; ### $GROUPNAME ### DEFUPPROTO ###
server XXX.XXX.XXX.XXX;   ### DEFUPPROTO for common ###
    sticky path=/; keepalive 100;
}



    ### UPSTREAMS LIST FOLLOWS HERE ###
        #upstream nodes{ server XXX.XXX.XXX.XXX; server 127.0.0.1:8001 backup # UPSTREAMPROTO # This is upstream prototype line, do not remove this! }
upstream common {   server XXX.XXX.XXX.XXX ;  sticky path=/; keepalive 100; } ### UPSTREAMPROTO for common ###


        #GFADMIN

        server {
                listen *:80;
                listen [::]:80;
                server_name  _;

                #add_header Referrer-Policy "no-referrer"; # by Paolo

                access_log /var/log/nginx/localhost.access_log main;
                error_log /var/log/nginx/localhost.error_log info;

        #ModSecurityEnabled on;
        #ModSecurityConfig /etc/nginx/conf.d/modsecurity/modsec_includes.conf;

                proxy_temp_path /var/nginx/tmp/;
                proxy_connect_timeout 5s;

                error_page   500 502 503 504  /50x.html;

                proxy_next_upstream error timeout http_500;
                proxy_http_version 1.1;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Host $http_host;
                proxy_set_header X-Forwarded-For $http_x_forwarded_for;
                proxy_set_header X-Remote-Port $http_x_remote_port;
                proxy_set_header X-URI $uri;
                proxy_set_header X-ARGS $args;
                proxy_set_header Refer $http_refer;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection "upgrade";
                if ($http_x_remote_port = '' ) {
                    set $http_x_remote_port $remote_port;
                }

                location = /50x.html {
                        root   html;
                }

                location / {
                        if ($cookie_SRVGROUP ~ group|common) {
                                proxy_pass http://$cookie_SRVGROUP;
                                error_page   500 502 503 504 = @rescue;
                        }

                        if ($cookie_SRVGROUP !~ group|common) {
                                add_header Set-Cookie "SRVGROUP=$group; path=/";
                        }
                        proxy_pass http://default_upstream;
                        add_header Set-Cookie "SRVGROUP=$group; path=/";
                }

                location @rescue {
                        proxy_pass http://default_upstream;
                        add_header Set-Cookie "SRVGROUP=$group; path=/";
                }


                #USERLOCATIONS
        }

#        server {
#                listen *:8001;
#                server_name  backup.local;
#
#           location / {
#                        proxy_pass http://default_upstream;
#                        add_header Set-Cookie "SRVGROUP=$group; path=/";
#                        proxy_http_version 1.1;
#                        proxy_set_header Host $host;
#                        proxy_set_header X-Real-IP $remote_addr;
#                        proxy_set_header X-Host $http_host;
#                        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
#                        proxy_set_header X-URI $uri;
#                        proxy_set_header X-ARGS $args;
#                        proxy_set_header Refer $http_refer;
#                        proxy_set_header Upgrade $http_upgrade;
#                        proxy_set_header Connection "upgrade";
#                }
#        }

 include /etc/nginx/conf.d/*.conf;

}

######## TCP SECTION PROTOTYPE ########

这是conf.d/ssl.conf

的内容
#
# HTTPS server configuration
#

#server {
#    listen       443;
#    server_name  _;

#    ssl                  on;

#    ssl_certificate      cert.pem;
#    ssl_certificate_key  cert.key;

#    ssl_session_timeout  5m;

#    ssl_protocols  SSLv2 SSLv3 TLSv1;
#    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
#    ssl_prefer_server_ciphers   on;

#    location / {
#        root   html;
#        index  index.html index.htm;
#    }
#}

虽然这是conf.d/ssl.conf.disabled

的内容
#
# HTTPS server configuration
#

server {
    listen       443 http2;
    listen       [::]:443 http2;
    server_name  _;

    ssl                  on;
    ssl_certificate      /var/lib/jelastic/SSL/jelastic.chain;
    ssl_certificate_key  /var/lib/jelastic/SSL/jelastic.key;


    ssl_session_timeout  5m;

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
    ssl_ciphers '*****removed by me*****';

    ssl_prefer_server_ciphers   on;
    ssl_session_cache shared:SSL:10m;

    access_log /var/log/nginx/localhost.access_log main;
    error_log /var/log/nginx/localhost.error_log info;
    proxy_temp_path /var/nginx/tmp/;
    error_page   500 502 503 504  /50x.html;

    location = /50x.html {
                        root   html;
               }

    location / {
     set $upstream_name common;
include conf.d/ssl.upstreams.inc;

                        proxy_pass http://$upstream_name;
                        proxy_next_upstream error;
                        proxy_http_version 1.1;
                        proxy_set_header Upgrade $http_upgrade;
                        proxy_set_header Connection "upgrade";
                        proxy_set_header Host $host;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Host $http_host;
                        proxy_set_header X-Forwarded-For $http_x_forwarded_for;
                        proxy_set_header X-URI $uri;
                        proxy_set_header X-ARGS $args;
                        proxy_set_header Refer $http_refer;
                        proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Ssl-Offloaded "1";
                }
}

您应该添加:

add_header 'Referrer-Policy' 'origin';

到/etc/nginx/conf.d/ssl.conf