Safari (Desktop и iOS)
Веб-приложение Meteor, защищенное базовой аутентификацией nginx.
Я вижу следующие записи журнала доступа в бесконечном цикле , когда я посещаюприложение на Safari.Хром работает как положено.В журналах ошибок nginx нет записей.Я предполагаю, что по какой-то причине аутентификация пользователя / пароля не работает, и запрос перенаправляется в цикле, что приводит к открытию новых соединений сокетов / sockjs.
Приложение не выдает никаких данных, белыйстраница показывается.
144.MY.IP.ADDR - - [25/Sep/2018:17:48:06 -0400] "GET /sockjs/958/msx234wb/websocket HTTP/1.1" 401 195 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "POST /sockjs/656/mgln1mi5/xhr_send HTTP/1.1" 204 0 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "POST /sockjs/958/x9wngcy3/xhr HTTP/1.1" 200 12 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "POST /sockjs/958/x9wngcy3/xhr_send HTTP/1.1" 204 0 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "GET /sockjs/info?cb=35tsuy5ber HTTP/1.1" 200 90 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "POST /sockjs/958/x9wngcy3/xhr_send HTTP/1.1" 204 0 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
Вот моя конфигурация nginx:
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server {
listen 80;
listen 443 ssl http2;
server_name my.site.com;
ssl_certificate /etc/letsencrypt/live/my.site.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.site.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Xss-Protection "1";
ssl_stapling on;
ssl_stapling_verify on;
root html; # irrelevant
index index.html; # irrelevant
location / {
# forward http to https
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
proxy_pass http://localhost:8080;
proxy_redirect off;
proxy_intercept_errors on;
proxy_http_version 1.1; # recommended with keepalive connections - http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Host $host; # pass the host header - http://wiki.nginx.org/HttpProxyModule#proxy_pass
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP
proxy_set_header X-Nginx-Proxy true;
auth_basic "Restricted Access"; # auth realm
auth_basic_user_file .htpasswd-users; # htpasswd file
# the root path (/) MUST NOT be cached
if ($uri != '/') {
expires 30d;
}
}
}
Я понятия не имею, почему это происходит, когда Chrome работает, как ожидается, а Safari - нет.