在堆栈和网上搜索了几个小时之后,我现在不知道如何解决我的问题了。
在我的带有 phpmyadmin v.5.0.4 的 debian 网络服务器上,我收到以下错误打开 URL https://companyname.de/phpmyadmin:
服务器和客户端上指示的 HTTPS 不匹配。 这可能会导致 phpMyAdmin 无法正常工作或存在安全风险。 请修复您的服务器配置以正确指示 HTTPS。
已通过 apt 安装 phpmyadmin。 没有更改 phpmyadmin .config 文件或 apache 相关文件中的任何内容。
Web 服务器在带有 HAProxy 的 OPNSense 后面。 HAProxy 正在处理所有 SSL letsencrypt 证书。
global
uid 80
gid 80
chroot /var/haproxy
daemon
stats socket /var/run/haproxy.socket group proxy mode 775 level admin
nbthread 1
hard-stop-after 60s
no strict-limits
tune.ssl.default-dh-param 4096
spread-checks 2
tune.bufsize 16384
tune.lua.maxmem 0
log /var/run/log local0 info
lua-prepend-path /tmp/haproxy/lua/?.lua
defaults
log global
option redispatch -1
timeout client 30s
timeout connect 30s
timeout server 40s
retries 3
default-server init-addr last,libc
# Frontend: http_lan_wan (Public Service für interne und externe Anfragen über http)
frontend http_lan_wan
bind 192.168.50.253:80 name 192.168.50.253:80
bind 192.168.50.252:80 name 192.168.50.252:80
mode http
option http-keep-alive
option forwardfor
# logging options
# ACL: find_acme_challenge
acl acl_645774a9f09708.61820985 path_beg -i /.well-known/acme-challenge/
# ACL: redirect-companyname-de
acl acl_645a60be852259.29309390 hdr(host) -i companyname.de
# ACL: www
acl acl_64555b3fec64e0.30748614 hdr(host) -i www.companyname.de
# ACL: not-ssl
acl acl_64555c9187cd43.18700342 ssl_fc
# ACTION: redirect_acme_challenges
use_backend acme_challenge_backend if acl_645774a9f09708.61820985
# ACTION: redirect_companyname_de
http-request redirect code 301 location https://www.companyname.de if acl_645a60be852259.29309390
# ACTION: webserver
use_backend webserver_backend if acl_64555b3fec64e0.30748614
# ACTION: hsts_strict
# NOTE: actions with no ACLs/conditions will always match
http-response set-header Strict-Transport-Security "max-age=16000000; includeSubDomains; preload;"
# ACTION: set_http_header_companyname_de
http-request set-header X-Forwarded-Proto https if !acl_64555c9187cd43.18700342
# Frontend: https_lan_wan (Public Service für interne und externe Anfragen über https)
frontend https_lan_wan
bind 192.168.50.253:443 name 192.168.50.253:443 ssl crt-list /tmp/haproxy/ssl/645558bec44376.40532547.certlist
bind 192.168.50.252:443 name 192.168.50.252:443 ssl crt-list /tmp/haproxy/ssl/645558bec44376.40532547.certlist
mode http
option http-keep-alive
option forwardfor
# logging options
# ACL: redirect-companyname-de
acl acl_645a60be852259.29309390 hdr(host) -i companyname.de
# ACL: www
acl acl_64555b3fec64e0.30748614 hdr(host) -i www.companyname.de
# ACL: not-ssl
acl acl_64555c9187cd43.18700342 ssl_fc
# ACTION: redirect_companyname_de
http-request redirect code 301 location https://www.companyname.de if acl_645a60be852259.29309390
# ACTION: webserver
use_backend webserver_backend if acl_64555b3fec64e0.30748614
# ACTION: set_http_header_companyname_de
http-request set-header X-Forwarded-Proto https if !acl_64555c9187cd43.18700342
# Frontend: https_lan (Public Service für ausschließlich interne Anfragen über https)
frontend https_lan
bind 192.168.50.252:443 name 192.168.50.252:443 ssl crt-list /tmp/haproxy/ssl/64555918cba291.18660693.certlist
mode http
option http-keep-alive
option forwardfor
# logging options
# ACL: www
acl acl_64555b3fec64e0.30748614 hdr(host) -i www.companyname.de
# ACL: not-ssl
acl acl_64555c9187cd43.18700342 ssl_fc
# ACTION: webserver
use_backend webserver_backend if acl_64555b3fec64e0.30748614
# ACTION: set_http_header_companyname_de
http-request set-header X-Forwarded-Proto https if !acl_64555c9187cd43.18700342
# Backend: webserver_backend (Backend Pool für Apache/Wordpress)
backend webserver_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
# ACL: not-ssl
acl acl_64555c9187cd43.18700342 ssl_fc
# ACTION: redirect_ssl
http-request redirect scheme https code 301 if !acl_64555c9187cd43.18700342
http-reuse safe
server webserver_host 192.168.50.3:80
# Backend: acme_challenge_backend (Added by ACME Client plugin)
backend acme_challenge_backend
# health checking is DISABLED
mode http
balance source
# stickiness
stick-table type ip size 50k expire 30m
stick on src
http-reuse safe
server acme_challenge_host 127.0.0.1:43580
# ACTION: redirect_ssl
http-request redirect scheme https code 301 if !acl_64555c9187cd43.18700342
http-reuse safe
server postfixadmin_host 192.168.50.4:80
# statistics are DISABLED
你们知道我可以尝试什么吗?谢谢!
添加 X-Forwarded-Proto 就像这里提到的服务器和客户端上指示的 HTTPS 不匹配