I've just finished installing 2.1.7 on an Ubuntu EC2 instance running Nginx behind a load balancer. SSL terminates at the load balancer with the EC2 instance serving HTTP only.
As close as I was able to discern putting "fastcgi_param HTTPS on;" in the correct Nginx location blocks is supposed to deal with the load balancer SSL termination issue. Though I will need to go back to that, as there seems to be more important problems.
When requesting ttps://www.(domain).com/ the site's blank page loads but all the script and link url's return 404. Here is an example:
ttps://www.(domain).com/pub/static/version1496642016/frontend/Magento/luma/en_US/mage/calendar.css
Note that removing "/pub" from the url does return the correct CSS file.
When requesting ttps://www.(domain).com/index.php the site's blank page loads and all the script and link url's load properly without the "/pub" folder in the url.
This is my nginix site configuration file:
server { listen 80; listen [::]:80; server_name (domain).com *.(domain).com; add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always; if ($http_x_forwarded_proto != 'https') { return 301 https://$host$request_uri; } return 301 https://www.(domain).com$request_uri; } server { listen 80; listen [::]:80; server_name www.(domain).com; set $MAGE_ROOT /var/www/(domain).com; set $MAGE_MODE developer; root $MAGE_ROOT/pub; fastcgi_param HTTPS on; fastcgi_param MAGE_MODE $MAGE_MODE; # Block Bad Bots (conf.d blacklist.conf & conf.d/blockips.conf) # Send 403 Forbidden or 444 Drop Connection if ($bad_bot) { return 444; } # Block Bad Referers # Send 403 Forbidden if ($bad_referer) { return 403; } if ($bad_urls1) { return 403; } if ($bad_urls2) { return 403; } if ($bad_urls3) { return 403; } if ($bad_urls4) { return 403; } if ($bad_urls5) { return 403; } if ($bad_urls6) { return 403; } # Block Snoopers # Send 444 Connection Closed Without Response if ($validate_client) { return 444;} # Log Exclusion set $logging 1; # Exclude user agents (conf.d/logexclusion.conf) if ( $log_ua = 0 ) { set $logging 0; } # Exclude CIDR Range IPs (conf.d/logexclusion.conf) if ( $log_ip = 0 ) { set $logging 0; } access_log /var/log/nginx/access.log timed_combined if=$logging; index index.php; autoindex off; charset UTF-8; error_page 404 403 = /errors/404.php; # Add HTTP Strict Transport Security (HSTS) and Render/Frame Headers add_header Strict-Transport-Security 'max-age=31536000; includeSubDomains; preload' always; add_header X-UA-Compatible 'IE=edge,chrome=1'; # PHP entry point for setup application location ~* ^/setup($|/) { root $MAGE_ROOT; location ~ ^/setup/index.php { fastcgi_pass unix:/run/php/php7.0-fpm.sock; fastcgi_index index.php; fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } location ~ ^/setup/(?!pub/). { deny all; } location ~ ^/setup/pub/ { add_header X-Frame-Options "SAMEORIGIN"; } } # PHP entry point for update application location ~* ^/update($|/) { root $MAGE_ROOT; location ~ ^/update/index.php { fastcgi_split_path_info ^(/update/index.php)(/.+)$; fastcgi_pass unix:/run/php/php7.0-fpm.sock; fastcgi_index index.php; fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; fastcgi_param PATH_INFO $fastcgi_path_info; include fastcgi_params; } # Deny everything but index.php location ~ ^/update/(?!pub/). { deny all; } location ~ ^/update/pub/ { add_header X-Frame-Options "SAMEORIGIN"; } } location / { try_files $uri $uri/ /index.php?$args; } location /pub/ { location ~ ^/pub/media/(downloadable|customer|import|theme_customization/.*\.xml) { deny all; } alias $MAGE_ROOT/pub/; add_header X-Frame-Options "SAMEORIGIN"; } location /static/ { # Uncomment the following line in production mode # expires max; # Remove signature of the static files that is used to overcome the browser cache location ~ ^/static/version { rewrite ^/static/(version\d*/)?(.*)$ /static/$2 last; } location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { add_header Cache-Control "public"; add_header X-Frame-Options "SAMEORIGIN"; expires +1y; if (!-f $request_filename) { rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; } } location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { add_header Cache-Control "no-store"; add_header X-Frame-Options "SAMEORIGIN"; expires off; if (!-f $request_filename) { rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; } } if (!-f $request_filename) { rewrite ^/static/(version\d*/)?(.*)$ /static.php?resource=$2 last; } add_header X-Frame-Options "SAMEORIGIN"; } location /media/ { try_files $uri $uri/ /get.php?$args; location ~ ^/media/theme_customization/.*\.xml { deny all; } location ~* \.(ico|jpg|jpeg|png|gif|svg|js|css|swf|eot|ttf|otf|woff|woff2)$ { add_header Cache-Control "public"; add_header X-Frame-Options "SAMEORIGIN"; expires +1y; try_files $uri $uri/ /get.php?$args; } location ~* \.(zip|gz|gzip|bz2|csv|xml)$ { add_header Cache-Control "no-store"; add_header X-Frame-Options "SAMEORIGIN"; expires off; try_files $uri $uri/ /get.php?$args; } add_header X-Frame-Options "SAMEORIGIN"; } location /media/customer/ { deny all; } location /media/downloadable/ { deny all; } location /media/import/ { deny all; } # PHP entry point for main application location ~ (index|get|static|report|404|503)\.php$ { try_files $uri =404; fastcgi_pass unix:/run/php/php7.0-fpm.sock; fastcgi_buffers 1024 4k; fastcgi_read_timeout 600s; fastcgi_connect_timeout 600s; fastcgi_index index.php; fastcgi_param HTTPS on; fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name; include fastcgi_params; } gzip on; gzip_disable "msie6"; gzip_comp_level 6; gzip_min_length 1100; gzip_buffers 16 8k; gzip_proxied any; gzip_types text/plain text/css text/js text/xml text/javascript application/javascript application/x-javascript application/json application/xml application/xml+rss image/svg+xml; gzip_vary on; # Banned locations (only reached if the earlier PHP entry point regexes don't match) location ~* (\.php$|\.htaccess$|\.git) { deny all; } 
