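nginx http to https rewrite rule no longer works

I have an nginx server that is a reverse proxy for numerous internal services. While I don't know when the problem started, currently the rewrite statement no longer redirects all http traffic to https.

The end goal of the rewrite statement is for all web traffic to example.com (including subfolders) to be rewritten to www.example.com. In addition, all web traffic to http:// www.example.com is to be redirected to https:// www.example.com.

Currently, if you navigate to http:// example.com/service1, you are presented with a 404 Not Found from nginx. The /var/log/nginx/error.log log file shows the following: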

    2017/08/24 18:36:55 [error] 31476#31476: *919529 open() "/etc/nginx/html/service1" failed (2: No such file or directory), client: 1.2.3.5, server: , request: "GET /chub HTTP/1.1", host: "example.com"

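One item I noticed is that the log file showing the attempt to access the web page is not the one defined in the configuration file. This leads me to believe that there is an issue with the configuration file and that nginx is not using the directives in it to route the traffic.

If you navigate to https:// example.com/service1, you are redirected to the correct URL. Also, it doesn't matter whether you use www. or not; the output is the same. The only one that proves successful is https:// www.example.com. I have tried many different listen / server_name / return / rewrite directives, but none of them worked.

Below is the nginx site configuration. Please note that some of the text wraps due to window size. Also note that I had to add spaces in some of the URLs because I don't have the 10 reputation points needed to include more than 2 URLs.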

    log_format awstats '$remote_addr - $remote_user [$time_local] $status '
                       '"$request" $body_bytes_sent "$http_referer" '
                       '"$http_user_agent" "http_x_forwarded_for"';

    server {
        server_name example.com www.example.com;
        access_log /var/log/nginx/www.access.log timed_combined;
        error_log /var/log/nginx/www.error.log;
        return 301 https://www.example.com$request_uri;
    }

    server {
        listen 1.2.3.4:443 ssl http2;
        server_name example.com www.example.com;
        ssl on;
        ssl_certificate /etc/pki/tls/certs/example.com.chained.crt;
        ssl_certificate_key /etc/pki/tls/private/example.com.key;
        add_header Alternate-Protocol 443:npn-spdy/3,443:npn-spdy/2;
        include /etc/nginx/proxy.conf;
        access_log /var/log/nginx/www.access.log timed_combined;
        error_log /var/log/nginx/www.error.log;
        error_log syslog:server=127.0.0.1:514;
        client_max_body_size 512M;

        # This section uses a non-standard nginx http status code to silently
        # drop requests for invalid objects.
        # All of the objects below are malicious attempts to probe the
        # server.

        # Generic location no-no's
        location ^~ /cgi-bin/ { return 444; }
        location ^~ /scripts/ { return 444; }
        location ^~ /admin/ { return 444; }
        location ^~ /administrator/ { return 444; }
        location ^~ /sdk/ { return 444; }
        location ^~ /file/ { return 444; }
        location ^~ /level/ { return 444; }
        location ^~ /w00tw00t.at.blackhats.romanian.anti-sec:) { return 444; }

        # Third-party software no-no's
        location ^~ /manager/ { return 444; }
        location ^~ /ispmgr/ { return 444; }
        location ^~ /MyAdmin/ { return 444; }
        location ^~ /myadmin/ { return 444; }
        location ^~ /phpMyAdmin/ { return 444; }
        location ^~ /phpmyadmin/ { return 444; }
        location ^~ /pma/ { return 444; }

        # Microsoft specific no-no's
        location ^~ /IISADMPWD/ { return 444; }
        location ^~ /msadci/ { return 444; }
        location ^~ /_vti_bin/ { return 444; }
        location ^~ /_vti_pvt/ { return 444; }
        location ~* ./(\.php)$ { return 444; }

        # These items aren't invalid perse, however there are "issues"
        # downstream that makes it easier to cause them to just die
        # peacefully rather than tax resources.
        location ^~ /service1/++resource++quickupload_static/ { return 444; }
        location ^~ /dav/ { return 444; }
        location ^~ /mnt/ { return 444; }

        # Rather than service this one, we'll just drop the request
        # altogether.
        location ~* ./(Thumbs\.db)$ { return 444; }          # Originates from Microsoft Windows
        location ~* ./(\.DS_Store)$ { return 444; }          # Originates from MacOS X
        location ~* ./(browserconfig\.xml)$ { return 444; }  # Originates specifically from Internet Explorer 11 (used for browser pinning)

        # ===============================================
        # This section governs access to the Service1.
        # ===============================================

        # This section is the main url rewriting for the Plone Virtual
        # Hosting Monster.
        # It also returns the custom error pages for this application.
        location ^p_$ { return 301 https://www.example.com/^p_/; }
        location ^misc_$ { return 301 https://www.example.com/^misc_/; }
        location /manage_page_style.css { return 301 https://www.example.com/service1/manage_page_style.css; }
        location /++resource++plone.dexterity.item.gif { return 301 https://www.example.com/service1/++resource++plone.dexterity.item.gif; }

        location /service1/ {
            proxy_intercept_errors on;
            proxy_pass http://localhost:6081/VirtualHostBase/https/www.example.com:443/service1/service1/VirtualHostRoot/_vh_service1/;
            proxy_redirect default;
            error_page 400 /400.html;
            error_page 401 /401.html;
            error_page 403 /403.html;
            error_page 404 /404.html;
            error_page 405 /405.html;
            error_page 408 /408.html;
            error_page 411 /411.html;
            error_page 500 /500.html;
            error_page 502 /502.html;
            error_page 503 /503.html;
            error_page 504 /504.html;
        }

        # This manages the ability for search engines to crawl
        # www.example.com.
        location /robots.txt { proxy_pass http://1.2.3.6/robots.txt; }

        # The following three sections perform special url rewriting for
        # plone resources that are normally expected to exist at the site
        # root level, which is otherwise inaccessible using the proxy.
        location /misc_/ {
            proxy_pass http://localhost:6081/VirtualHostBase/https/www.example.com:443/VirtualHostRoot/misc_/;
            proxy_redirect default;
        }
        location /p_/ {
            proxy_pass http://localhost:6081/VirtualHostBase/https/www.example.com:443/VirtualHostRoot/p_/;
            proxy_redirect default;
        }

        # This section governs access to the various HAProxy status pages.
        location = /haproxy-status { return 301 https://www.example.com/haproxy-status/; }
        location /haproxy-status/ { proxy_pass http://backendserver:3380/haproxy-status/; }

        # This is the default 'catch-all' statement. If a request doesn't
        # match any of the above rules, it gets sent to the application web
        # server, where it will probably die.
        location / { proxy_pass http://localhost:3380/; }

        location = /400.html { root /var/www/status-codes/service1; }
        location = /401.html { root /var/www/status-codes/service1; }
        location = /403.html { root /var/www/status-codes/service1; }
        location = /404.html { root /var/www/status-codes/service1; }
        location = /405.html { root /var/www/status-codes/service1; }
        location = /408.html { root /var/www/status-codes/service1; }
        location = /411.html { root /var/www/status-codes/service1; }
        location = /500.html { root /var/www/status-codes/service1; }
        location = /502.html { root /var/www/status-codes/service1; }
        location = /503.html { root /var/www/status-codes/service1; }
        location = /504.html { root /var/www/status-codes/service1; }
    }

To further help with my troubleshooting steps, below is some curl output from what I have tried.

    curl -I -k http://www.example.com
    HTTP/1.1 200 OK
    Server: nginx/1.13.4
    Date: Thu, 24 Aug 2017 18:47:31 GMT
    Content-Type: text/html
    Content-Length: 1094
    Last-Modified: Thu, 17 Aug 2017 18:46:39 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5995e48f-446"
    Accept-Ranges: bytes

    curl -I -k http://www.example.com/service1
    HTTP/1.1 404 Not Found
    Server: nginx/1.13.4
    Date: Thu, 24 Aug 2017 18:48:14 GMT
    Content-Type: text/html
    Content-Length: 169
    Connection: keep-alive
    Vary: Accept-Encoding

    curl -I -k https://www.example.com
    HTTP/1.1 200 OK
    Server: nginx/1.13.4
    Date: Thu, 24 Aug 2017 18:48:52 GMT
    Content-Type: text/html
    Content-Length: 1094
    Last-Modified: Thu, 17 Aug 2017 18:46:39 GMT
    Connection: keep-alive
    Vary: Accept-Encoding
    ETag: "5995e48f-446"
    Alternate-Protocol: 443:npn-spdy/3,443:npn-spdy/2
    Accept-Ranges: bytes

    curl -I -k https://www.example.com/service1
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.13.4
    Date: Thu, 24 Aug 2017 18:49:22 GMT
    Content-Type: text/html
    Content-Length: 185
    Location: https://www.example.com/service1/
    Connection: keep-alive
    Alternate-Protocol: 443:npn-spdy/3,443:npn-spdy/2

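Any help or information you may be able to provide to resolve this issue would be greatly appreciated. Also, if there is some log output or other command output you need to better isolate the problem, please let me know.

Thanks!

Edit 1:

@Tim I tried using a rewrite statement instead of the redirect, but that didn't seem to make any difference. Below is an example of what I tried.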

    rewrite ^ https://$host$request_uri? permanent;

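Do you have a suggestion for something I could try that might work better?

Since I don't have 10 reputation points yet, this site won't let me include more than 2 URLs. So to get past that, I had to add the spaces. I should have noted that up front.

From the nginx documentation I've read, if there is no listen statement, it listens on all interfaces on port 80 by default. I also tried adding a listen statement, and there was no change in the result.

Below is the entire nginx.conf: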

    user nginx;
    worker_processes auto;
    worker_rlimit_nofile 20000;
    pid /var/run/nginx.pid;
    error_log /var/log/nginx/error.log debug;

    events {
        worker_connections 4096;
        multi_accept on;
        use epoll;
    }

    http {
        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';

        log_format timed_combined '$remote_addr - $remote_user [$time_local] '
                                  '"$request" $status $body_bytes_sent '
                                  '"$http_referer" "$http_user_agent" '
                                  '$request_time $upstream_response_time $pipe';

        log_format graylog2_format '$remote_addr - $remote_user [$time_local] '
                                   '"$request" $status $body_bytes_sent '
                                   '"$http_referer" "$http_user_agent" '
                                   '"$http_x_forwarded_for" <msec=$msec|connection=$connection|connection_requests=$con$

        access_log /var/log/nginx/access.log main;
        access_log syslog:server=127.0.0.1:514 graylog2_format;

        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;
        send_timeout 600;

        gzip on;
        gzip_disable "MSIE [1-6]\.";
        gzip_static on;
        gzip_vary on;
        gzip_proxied any;
        gzip_comp_level 4;
        gzip_http_version 1.1;
        gzip_types text/plain text/css text/xml text/javascript image/png image/gif
                   image/jpg image/jpeg application/json application/javascript
                   application/x-javascript application/xml application/xml+rss;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_buffer_size 8k;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 10m;

        include /etc/nginx/conf.d/*.conf;
    }
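
Added example, not part of the original question: a Python check of the redirect policy the question describes (any request not already on https://www.example.com must receive a permanent redirect to it), run over the status and Location lines from the curl output above. The function names, and accepting 308 alongside 301, are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

CANONICAL_HOST = "www.example.com"  # redirect target named in the question
# Status and Location lines taken from the curl -I output in the question.
TRANSCRIPT = """\
curl -I -k http://www.example.com
HTTP/1.1 200 OK
curl -I -k http://www.example.com/service1
HTTP/1.1 404 Not Found
curl -I -k https://www.example.com
HTTP/1.1 200 OK
curl -I -k https://www.example.com/service1
HTTP/1.1 301 Moved Permanently
Location: https://www.example.com/service1/
"""

def parse_transcript(text):
    """Split a pasted `curl -I` session into url/status/headers records."""
    records = []
    for line in map(str.strip, text.splitlines()):
        if line.startswith("curl "):
            records.append({"url": line.split()[-1], "status": None, "headers": {}})
        elif not records:
            continue  # ignore anything before the first command
        elif m := re.match(r"HTTP/\d(?:\.\d)?\s+(\d{3})", line):
            records[-1]["status"] = int(m.group(1))
        elif ":" in line:
            name, value = line.split(":", 1)
            records[-1]["headers"][name.strip().lower()] = value.strip()
    return records

def policy_violations(records):
    """Return (url, reason) for each request that breaks the redirect policy."""
    bad = []
    for r in records:
        req = urlsplit(r["url"])
        if req.scheme == "https" and req.hostname == CANONICAL_HOST:
            continue  # already the canonical origin, nothing to enforce
        loc = urlsplit(r["headers"].get("location", ""))
        if r["status"] not in (301, 308):
            bad.append((r["url"], f"status {r['status']}, no permanent redirect"))
        elif loc.scheme != "https" or loc.hostname != CANONICAL_HOST:
            bad.append((r["url"], f"redirects to {loc.geturl() or '(none)'}"))
    return bad

if __name__ == "__main__":
    for url, reason in policy_violations(parse_transcript(TRANSCRIPT)):
        print(f"FAIL {url}: {reason}")
```

On the question's output this flags both plain-HTTP requests, which were answered with 200 and 404 on port 80 instead of being redirected.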