我试图设置一个nginx的configuration,其行为类似于我们的生产服务器,其中端口80的请求被redirect到443,它工作正常,当你正在开发的开发机器,但如果你在另一台机器上,尝试从IP访问开箱,它将从IPredirect到本地主机。
例如http://192.168.1.10 -> 301 -> https://localhost
由于我们有很多远程开发人员,因此我不知道开箱时的IP地址是什么。 我试着不定义server_name属性以及将其分配给_ ,在这种情况下都不起作用。
将虚假域分配给服务器名称并让开发人员pipe理其主机文件是否有我能做的事情?
/etc/nginx/sites-available/default :
# ... server { listen 80; server_name localhost; return 301 https://$server_name$request_uri; } server { listen 443 ssl; server_name localhost; add_header Strict-Transport-Security max-age=15768000; ssl_certificate /etc/nginx/server.crt; ssl_certificate_key /etc/nginx/server.key; location / { proxy_pass http://app_server; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; include "/etc/nginx/proxy_params" } location ~ ^/(login|logout) { proxy_pass http://login_server; include "/etc/nginx/proxy_params" } }
卷发请求:
https:// :
jared@Wash ➤ curl -v http://192.168.1.17 * Rebuilt URL to: http://192.168.1.17/ * Trying 192.168.1.17... * Connected to 192.168.1.17 (192.168.1.17) port 80 (#0) > GET / HTTP/1.1 > Host: 192.168.1.17 > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 301 Moved Permanently < Server: nginx/1.10.1 < Date: Tue, 19 Jul 2016 18:00:00 GMT < Content-Type: text/html < Content-Length: 185 < Connection: keep-alive < Location: https://localhost/ < <html> <head><title>301 Moved Permanently</title></head> <body bgcolor="white"> <center><h1>301 Moved Permanently</h1></center> <hr><center>nginx/1.10.1</center> </body> </html> * Connection #0 to host 192.168.1.17 left intact
https:// :
jared@Wash ➤ curl -vk https://192.168.1.17 * Rebuilt URL to: https://192.168.1.17/ * Trying 192.168.1.17... * Connected to 192.168.1.17 (192.168.1.17) port 443 (#0) * found 173 certificates in /etc/ssl/certs/ca-certificates.crt * found 697 certificates in /etc/ssl/certs * ALPN, offering http/1.1 * SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384 * server certificate verification SKIPPED * server certificate status verification SKIPPED * common name: localhost (does not match '192.168.1.17') * server certificate expiration date OK * server certificate activation date OK * certificate public key: RSA * certificate version: #3 * subject: ... * start date: Mon, 18 Jul 2016 20:50:53 GMT * expire date: Tue, 18 Jul 2017 20:50:53 GMT * issuer: ... * compression: NULL * ALPN, server did not agree to a protocol > GET / HTTP/1.1 > Host: 192.168.1.17 > User-Agent: curl/7.47.0 > Accept: */* > < HTTP/1.1 302 Found < Server: nginx/1.10.1 < Date: Tue, 19 Jul 2016 18:00:36 GMT < Content-Type: text/plain; charset=utf-8 < Content-Length: 37 < Connection: keep-alive < X-Frame-Options: DENY < Strict-Transport-Security: max-age=31536000; includeSubDomains < Location: /app/ < Vary: Accept, Accept-Encoding < set-cookie: ...; Path=/; HttpOnly; Secure < Strict-Transport-Security: max-age=15768000 < * Connection #0 to host 192.168.1.17 left intact Found. Redirecting to /app/
看来,基于你的curl请求和configuration你需要改变:
server { listen 80; server_name localhost; return 301 https://$server_name$request_uri; }
(它将localhost的server_namevariables插值到stringhttps:// $ server_name $ request_uri中,导致: https:// localhost $ request_uri)
至
server { listen 80; server_name <External IP ADDRESS>; return 301 https://$server_name$request_uri; }
(这将产品https:// IP_ADDRESS $ request_uri)
更多的信息在这:
如果有人使用IP地址而不是服务器名称发出请求,则“主机”请求标头字段将包含IP地址,并且可以使用IP地址作为服务器名称来处理请求:
(来源: http : //nginx.org/en/docs/http/server_names.html )
你可以使用这个:
server_name _ ;
这是“主机”标题“全部” 。
编辑
对不起,误解了你的一部分问题。 尝试改变
return 301 https://$server_name$request_uri;
至
return 301 https://$host$request_uri;
你可能会想改变/跳过server_name指令,所以它会响应来自localhost之外的请求。