防止NGINX删除端口
我想在重写时动态保留服务器名和端口: 假设防火墙将端口8081重定向到80。 因此,如果我使用“192.168.1.123/frontend”或“my.domain.tld:8081/frontend”访问Web服务器,我应该重定向到“192.168.1.123/frontend/”或“my.domain.tld:8081/frontend/” 如果我使用普通的防止NGINX删除端口,nginx,url-rewriting,port,strip,Nginx,Url Rewriting,Port,Strip,我想在重写时动态保留服务器名和端口: 假设防火墙将端口8081重定向到80。 因此,如果我使用“192.168.1.123/frontend”或“my.domain.tld:8081/frontend”访问Web服务器,我应该重定向到“192.168.1.123/frontend/”或“my.domain.tld:8081/frontend/” 如果我使用普通的重定向重写^(.*[^/])$$1/永久和我访问的端口8081端口被删除。 (我已经在重定向关闭中尝试了端口;) 我几乎使用默认配置:
重定向重写^(.*[^/])$$1/永久和我访问的端口8081端口被删除。
(我已经在重定向关闭中尝试了端口;
)
我几乎使用默认配置:
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php index.html index.htm index.nginx-debian.html;
server_name _;
rewrite ^(.*[^/])$ $1/ permanent;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
}
谢谢你的期待
解决方案:
感谢NGINX邮件列表!
我用重写规则修复了此问题:
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
我终于找到了你所描述的问题的解决方案。我让它与URL重写工作,但它似乎有点矫枉过正
因此,对于任何有相同问题的人来说,最干净的解决方案似乎是取代这个:
proxy_set_header Host $host;
为此:
proxy_set_header Host $http_host;
通过此设置,Nginx将在重定向中保留端口,无论您的防火墙配置如何
希望这有帮助。干杯 我的一大块。。。大约三分之一的文件/etc/nginx/sites enabled/Site.conf
可能会在这里看到一些有用的东西。。。一切正常。。。我的nginx已经调好了。
我的ssl也得到了100%的全面支持,我公开的端口有很长很复杂的密码,我必须记下来才能记住,或者只有开发和测试垃圾不会造成任何伤害。但是。。模糊的,所以你可以把你自己的该死的价值观
####################################################
upstream dev {
server 127.0.0.1://port// weight=1 fail_timeout=300s;
keepalive 16;
}
####################################################
upstream l33t {
server 127.0.0.1://port// weight=1 fail_timeout=300s;
keepalive 16;
}
####################################################
upstream authserver {
server 127.0.0.1://PORT// weight=1 fail_timeout=300s;
keepalive 16;
}
#######################
# whereyougoing :80 #
#######################
#nowhere.. you're going.... nowhere...
######################
# - FORCE HTTPS - #
######################
server {
listen 80;
server_name YOURSITE.COM;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://YOURSITE.COM permanent;
}
server {
listen 80;
server_name www.YOURSITE.COM;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://www.YOURSITE.COM permanent;
}
server {
listen 80;
server_name auth.YOURSITE.COM;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://auth.YOURSITE.COM permanent;
}
server {
listen 80;
server_name its.YOURSITE.COM;
add_header Strict-Transport-Security max-age=2592000;
rewrite ^/.*$ https://its.YOURSITE.COM permanent;
}
######################################################
############# SSL SERVER starts here ###############
######################################################
server {
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server;
server_name YOURSITE.COM www.YOURSITE.COM auth.YOURSITE.COM its.YOURSITE.COM;
root /var/www/wordpress;
index index.php index.htm index.html;
access_log /var/log/nginx/rocketstack_ssl_access.log;
error_log /var/log/nginx/rocketstack_ssl_error.log;
#######################################
# Lock it down #
#######################################
# SSL certificate locations
ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;
# Exclusions
include snippets/exclusions.conf;
# Security
include snippets/security.conf;
include snippets/ssl.conf;
# Fastcgi cache rules
include snippets/fastcgi-cache.conf;
include snippets/limits.conf;
include snippets/nginx-cloudflare.conf;
############################################
# port-authority #
############################################
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
############################################
# Locations #
############################################
location / {
try_files $uri $uri/ /index.php?$args;
}
location /FOO {
alias /var/www/devl;
index index.php index.html index.htm;
try_files $uri $uri/ /index.php?$args;
autoindex on;
}
location /BAR {
proxy_set_header Origin http://$host;
proxy_set_header Host $http_host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
################# Fastphp accelleration #############
location ~ \.php$ {
try_files $uri =404;
include snippets/fastcgi-params.conf;
fastcgi_pass unix:/run/php/php7.2-fpm.sock;
# Skip cache based on rules in snippets/fastcgi-cache.conf.
fastcgi_cache_bypass $skip_cache;
fastcgi_no_cache $skip_cache;
# Define memory zone for caching.
fastcgi_cache rocketstack;
# Define caching time.
fastcgi_cache_valid 60m;
#increase timeouts
fastcgi_read_timeout 3000;
fastcgi_connect_timeout 3000;
fastcgi_send_timeout 3000;
proxy_read_timeout 3000;
proxy_connect_timeout 3000;
proxy_send_timeout 3000;
send_timeout 3000;
# Flexible SSL to be used So the server can talk non-ssl internally
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-NginX-Proxy true;
}
}
##############################################
########### Server ends here ###########
########### ###########
########### Call upstream starts ###########
########### ###########
##############################################
#######################
# auth-serve #
#######################
server {
listen 9001 ssl;
############# Lock it down ################
# SSL certificate locations
ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;
# Exclusions
include snippets/exclusions.conf;
# Security
include snippets/security.conf;
include snippets/ssl.conf;
# Fastcgi cache rules
include snippets/fastcgi-cache.conf;
include snippets/limits.conf;
include snippets/nginx-cloudflare.conf;
########### Send to Location upstream ##############
location /authserver {
proxy_redirect /* /$1;
proxy_pass http://authserver/;
proxy_set_header Origin $host;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
Nginx不知道请求中有一个端口。所以,你不能阻止它。但是你可以重定向到一个完整的uri,不管怎样,让防火墙将端口8081重定向到80@AlexeyTen为什么nginx不知道有一个端口?如果我使用my.domain.tld:8081/frontend/nginx访问网站时没有删除端口,则只有在我访问时没有在endNginx处添加斜杠时才删除端口,因为它不会重定向您。它不在乎您在浏览器中看到什么。但它接受端口80上的连接,这是nginx唯一知道的端口。当你访问不带斜杠的url时,nginx会将你重定向到带斜杠的url,此时它会生成不带端口的url(因为默认为80)。您好,这是怎么解释的?我对它的工作原理很感兴趣