服务器 Gind.cn
  1. 服务器 Gind.cn
  3. Nginxredirect循环与多个proxy_pass和主机头
Intereting Posts
Zimbra到zimbra完成迁移(不只是邮件) build立EC2结构和安全 PHP 5.3.8不加载模块xapian.so 在linux / unix上共享文件 从非域计算机连接到域计算机上的共享 如何通过uncpath打开帮助(.chm)文件 通过ExpressRoute强制隧道将公共IP分配给Azure虚拟机 为什么将MTU从1500降低到1499允许我访问大多数网站? 电子邮件未从某些邮件服务器传送到服务器:“域没有有效的邮件交换器” 在Linux中通过Wifi共享局域网 ca-bundle.crt和ca-bundle.trust.crt之间的区别 OpenVPN路由和级联 无法在CentOS 6.5上安装IBM安装pipe理器 Ansible:根据主机名或angular色复制文件 Kerberos使用Server 2008 R2和Server 2003 SP2进行日志logging

Nginxredirect循环与多个proxy_pass和主机头

我的使用案例
我需要能够设置两个proxy_passes:一个用于发送主页,/,到webflow.test.co,同时保持URL(test.co),另一个用于路由所有其他请求 – /(.+) – 我的Nodejs服务器(例如,test.co/api,test.co/media,test.co/login)。 最后,我想指定具体的terminal去每个地方,但现在看来没有解决这个问题。

问题
将这两个位置块一起添加到主页的无限redirect循环中。 我已经尝试了几乎所有我能想到的,并find解决这个问题的方法。 唯一的办法是删除主机头(proxy_set_header主机),这会留下显示代理URL(webflow.test.co)的不良影响。 我尝试添加斜杠到我的代理URL,添加X-Forwarded-Proto头(webflow.test.co是https),删除顶部的两个服务器块(只是为了testing),并将server_name设置为简单test.co和删除正则expression式。 至less这些是主要的事情。

值得一提的是,这是在ElasticBeanstalk节点上运行的,它们使用默认的nginx设置。 以下是我的nginx.conf。

请随时索取任何其他信息。 这是我的代码: 

upstream nodejs { server 127.0.0.1:8081; keepalive 256; } # Redirect all non-HTTPS to non-WWW HTTPS server { listen 8080; server_name "~^(?:www\.)?(.*)$"; return 301 https://$host$request_uri; } # Redirect WWW HTTP to non-WWW HTTP server { listen 4430; server_name "~^www\.(.*)$"; return 301 https://$1$request_uri; } # Reverse-proxy to http://nodejs server { listen 4430; server_name "~^(?!www\.).*$"; client_max_body_size 50M; location = / { proxy_pass http://webflow.test.co; proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location ~ /(.+) { proxy_pass http://nodejs; proxy_set_header Connection ""; proxy_http_version 1.1; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } }

这是请求的curl结果。 首先在test.co: 

 $ curl -v test.co * Rebuilt URL to: test.co/ * timeout on name lookup is not supported * Trying xx.xx.xxx.xxx... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to test.co (52.67.227.229) port 80 (#0) > GET / HTTP/1.1 > Host: test.co > User-Agent: curl/7.49.1 > Accept: */* > < HTTP/1.1 301 Moved Permanently < Content-Type: text/html < Date: Tue, 05 Sep 2017 18:27:53 GMT < Location: https://test.co/ < Server: nginx/1.10.2 < Content-Length: 185 < Connection: keep-alive < { [185 bytes data] 100 185 100 185 0 0 493 0 --:--:-- --:--:-- --:--:-- 562<html> <head><title>301 Moved Permanently</title></head> <body bgcolor="white"> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx/1.10.2</center> </body> </html> * Connection #0 to host test.co left intact

然后在https://test.co ,位置:build议。 

 $ curl -v https://test.co * Rebuilt URL to: https://test.co/ * timeout on name lookup is not supported * Trying xx.xx.xxx.xxx... % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Connected to test.co (xx.xx.xxx.xxx) port 443 (#0) * ALPN, offering h2 * ALPN, offering http/1.1 * Cipher selection: ALL:!EXPORT:!EXPORT40:!EXPORT56:!aNULL:!LOW:!RC4:@STRENGTH * successfully set certificate verify locations: * CAfile: C:/Program Files/Git/mingw64/ssl/certs/ca-bundle.crt CApath: none * TLSv1.2 (OUT), TLS header, Certificate Status (22): } [5 bytes data] * TLSv1.2 (OUT), TLS handshake, Client hello (1): } [512 bytes data] 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* TLSv1.2 (IN), TLS handshake, Server hello (2): { [89 bytes data] * TLSv1.2 (IN), TLS handshake, Certificate (11): { [4547 bytes data] * TLSv1.2 (IN), TLS handshake, Server key exchange (12): { [333 bytes data] * TLSv1.2 (IN), TLS handshake, Server finished (14): { [4 bytes data] * TLSv1.2 (OUT), TLS handshake, Client key exchange (16): } [70 bytes data] * TLSv1.2 (OUT), TLS change cipher, Client hello (1): } [1 bytes data] * TLSv1.2 (OUT), TLS handshake, Finished (20): } [16 bytes data] * TLSv1.2 (IN), TLS change cipher, Client hello (1): { [1 bytes data] * TLSv1.2 (IN), TLS handshake, Finished (20): { [16 bytes data] * SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 * ALPN, server did not agree to a protocol * Server certificate: * subject: CN=*.test.co * start date: Feb 21 00:00:00 2017 GMT * expire date: Mar 21 12:00:00 2018 GMT * subjectAltName: host "test.co" matched cert's "*.test.co" * issuer: C=US; O=Amazon; OU=Server CA 1B; CN=Amazon * SSL certificate verify ok. } [5 bytes data] > GET / HTTP/1.1 > Host: test.co > User-Agent: curl/7.49.1 > Accept: */* > { [5 bytes data] < HTTP/1.1 301 Moved Permanently < Content-Type: text/html < Date: Tue, 05 Sep 2017 18:29:16 GMT < Location: https://test.co/ < Server: nginx/1.10.2 < Content-Length: 178 < Connection: keep-alive < { [178 bytes data] 100 178 100 178 0 0 119 0 0:00:01 0:00:01 --:--:-- 123<html> <head><title>301 Moved Permanently</title></head> <body bgcolor="white"> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx</center> </body> </html> * Connection #0 to host test.co left intact