以HTTPS协议访问https://www.deaboway.com/,发生如下错误:
Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-content/cache/autoptimize/css/autoptimize_fabbbb6a8a981a178f0f8eeeb8cf4232.css'. This request has been blocked; the content must be served over HTTPS. VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure script 'http://www.deaboway.com/wp-includes/js/wp-emoji-release.min.js?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS. VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-includes/css/dashicons.min.css?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS. VM235:2 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure stylesheet 'http://www.deaboway.com/wp-includes/css/admin-bar.min.css?ver=4.9.5'. This request has been blocked; the content must be served over HTTPS. VM234:1 Mixed Content: The page at 'https://www.deaboway.com/' was loaded over HTTPS, but requested an insecure script 'http://www.deaboway.com/wp-includes/js/jquery/jquery.js?ver=1.12.4'. This request has been blocked; the content must be served over HTTPS
解决办法:
把资源的引用从http改成https,具体用神马办法呢?
这里的方案是让http和https两种访问方式并存。而不是只允许https访问哈!!!
1. 将siteurl和home都从 http://www.deaboway.com 改成 https://www.deaboway.com —— 不必须
2. 在wp的数据库中运行: SELECT * FROM `wp_options` where option_value like ‘http://%’; 查找http的条目,改成https协议。 —— 不必须
3. vim /etc/nginx/nginx.conf 在443端口的https中添加: —— 不必须
add_header Front-End-Https on;
nginx -s reload
4. 编辑当前主题下的 functions.php 文件 HTTPS 相对链接替换 —— 必须,同时支持http和https协议访问
//WordPress SSL
function deaboway_ssl(){
if( is_ssl() ){
function deaboway_ssl_main ($content){
$siteurl = get_option('siteurl');
$upload_dir = wp_upload_dir();
$content = str_replace( 'http:'.strstr($siteurl, '//'), strstr($siteurl, '//'), $content);
$content = str_replace( 'http:'.strstr($upload_dir['baseurl'], '//'), strstr($upload_dir['baseurl'], '//'), $content);
return $content;
}
ob_start("deaboway_ssl_main");
}
}
add_filter('get_header', 'deaboway_ssl');5. 由于我使用了cloudflare cdn,需要将ssl改成full模式 —— 根据实际使用的cdn的情况确定
Crypto change setting
{
"Name": "SSL",
"Old value": "flexible",
"Type": "crypto",
"Value": "full",
"Zone name": "deaboway.com"
}特别注意:如果用了CDN的话,记得使用支持HTTPS协议的CDN,要不然会出问题的哦!
参考: