Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

1.反向代理配置

反向代理服务器上,增加 X-Forwarded-For  X-Forwarded-Proto 两个 header 信息,传递真实的请求 IP 和真实的请求协议。

...

Code Block
languagebash
      location /{
        proxy_pass      https://xxx.xxx.xxx.xxx:443/;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
      }

2. 在IdP服务器上,开放 443 端口

IdP部署时已经打开443端口的,可以忽略此步。

Code Block
languagebash
[carsi@www ~]$ sudo firewall-cmd --add-service=https --permanent
[carsi@www ~]$ sudo firewall-cmd --reload

...