以HTTPS协议访问https://www.deaboway.com/,发生如下错误:
Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-content/cache/autoptimize/css/autoptimize_fabbbb6a8a981a178f0f8eeeb8cf4232.css'. This request has been blocked; the content must be served over HTTPS. VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure script 'http://www.deaboway.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS. VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-includes/css/dashicons.min.css?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS. VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-includes/css/admin-bar.min.css?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS. VM234:1 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure script 'http://www.deaboway.com/wp-includes/js/jquery/jquery.js?ver=1.12.4'. This request has been blocked; the content must be served over HTTPS
解决办法:
把资源的引用从http改成https,具体用神马办法呢?
这里的方案是让http和https两种访问方式并存。而不是只允许https访问哈!!!
1. 将siteurl和home都从 http://www.deaboway.com 改成 https://www.deaboway.com —— 不必须
2. 在wp的数据库中运行: SELECT * FROM `wp_options` where option_value like ‘http://%’; 查找http的条目,改成https协议。 —— 不必须
3. vim /etc/nginx/nginx.conf 在443端口的https中添加: —— 不必须
add_header Front-End-Https on;
nginx -s reload
4. 编辑当前主题下的 functions.php 文件 HTTPS 相对链接替换 —— 必须,同时支持http和https协议访问
//WordPress SSL function deaboway_ssl(){ if( is_ssl() ){ function deaboway_ssl_main ($content){ $siteurl = get_option('siteurl'); $upload_dir = wp_upload_dir(); $content = str_replace( 'http:'.strstr($siteurl, '//'), strstr($siteurl, '//'), $content); $content = str_replace( 'http:'.strstr($upload_dir['baseurl'], '//'), strstr($upload_dir['baseurl'], '//'), $content); return $content; } ob_start("deaboway_ssl_main"); } } add_filter('get_header', 'deaboway_ssl');
5. 由于我使用了cloudflare cdn,需要将ssl改成full模式 —— 根据实际使用的cdn的情况确定
Crypto change setting { "Name": "SSL", "Old value": "flexible", "Type": "crypto", "Value": "full", "Zone name": "deaboway.com" }
特别注意:如果用了CDN的话,记得使用支持HTTPS协议的CDN,要不然会出问题的哦!
参考: