解决nginx 代理后报 Mixed Content: The page at ‘https://www.xxx.com‘

报错：Mixed Content: The page at 'https://www.xxx.com' was loaded over HTTPS, but requested an insecure script 'http://www.xxx.com/'. This request has been blocked; the content must be served over HTTPS. 

解决办法#

在location 里面添加add_header Content-Security-Policy upgrade-insecure-requests即可

例子

http {
    ...................

    server {
             #listen 443 ssl default_server;
             #listen [::]:443 ssl default_server;#新增这两个


             ssl_certificate pem;  #需要将cert-file-name.pem替换成已上传的证书文件的名称。
             ssl_certificate_key .key; #需要将cert-file-name.key替换成已上传的证书私钥文件的名称。
             ssl_session_timeout 5m;
             ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
             ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
             ssl_prefer_server_ciphers on;
    
             server_name  .com;
                location / {
                   .................
                   proxy_pass http:// xx:80;      
                   add_header Content-Security-Policy upgrade-insecure-requests;
                   index index.html index.htm index.jsp index.php;
                }
        }
        server {
            listen 80;
            server_name  ;
        }
}