NGINX:在执行反向代理时,如何删除端口?
我设置了一个Nginx反向代理,它被用作几个服务器(如confluence)的SSL卸载。我已经让它成功地工作了,但是当我尝试重定向时,它尝试转到,但失败了 如何从URL中删除端口 下面的配置有点精简,但可能有用吗?标头中的$server\u端口位是否导致问题NGINX:在执行反向代理时,如何删除端口?,nginx,reverse-proxy,nginx-reverse-proxy,Nginx,Reverse Proxy,Nginx Reverse Proxy,我设置了一个Nginx反向代理,它被用作几个服务器(如confluence)的SSL卸载。我已经让它成功地工作了,但是当我尝试重定向时,它尝试转到,但失败了 如何从URL中删除端口 下面的配置有点精简,但可能有用吗?标头中的$server\u端口位是否导致问题 server { listen 8090; server_name confluence; return 301 https://confluence$request_uri; } server {
server {
listen 8090;
server_name confluence;
return 301 https://confluence$request_uri;
}
server {
listen 443 ssl http2;
server_name confluence;
location / {
proxy_http_version 1.1;
proxy_pass http://confbackend:8091
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $server_name:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade; #WebSocket Support
proxy_set_header Connection $connection_upgrade; #WebSocket Support
}
}
这里似乎有很多答案,但我在混乱中找不到安慰
我还以为你会有一个单一的服务器,但我试着从
我试着把港口弄得乱七八糟;但也许我用错了
编辑1:添加conf文件
下面的文件是对的修改。我最初使用了它们的设置,并在./conf.d/中为其他RP端点添加了额外的conf文件
Confluence.conf
nginx.conf
你的问题是STS头
添加STS标头时。第一个请求http://example.com:8090 生成指向的重定向https://example.com
这个https://example.com 然后在响应中返回STS头,浏览器会记住example.com始终需要在https上提供服务,无论发生什么。港口没什么区别
现在,当您再次向http://example.com:8090,STS启动,然后将其转换为https://example.com:8090,这是你的问题
因为端口只能服务于http或https,所以不能使用8090将http重定向到https,也不能将https 8090重定向到https 443。您的问题是STS头
添加STS标头时。第一个请求http://example.com:8090 生成指向的重定向https://example.com
这个https://example.com 然后在响应中返回STS头,浏览器会记住example.com始终需要在https上提供服务,无论发生什么。港口没什么区别
现在,当您再次向http://example.com:8090,STS启动,然后将其转换为https://example.com:8090,这是你的问题
因为端口只能为http或https服务,所以不能使用8090将http重定向到https,也不能将https 8090重定向到https 443是否尝试添加代理\u重定向https://confluence:8090/ https://confluence/? 如果需要,您还可以为http添加一个条目。我尝试了代理\ U重定向http://confluence:8090/ https://confluence/,proxy_重定向https://confluence:8090/ https://confluence/,proxy_重定向http://$host:8090/https://confluence/,并将ssl添加到listen listen 8090 ssl http2中,这一切都没有运气。实际上,我没有用后面的斜线。这有区别吗?无论如何,当我输入URL时,Firefox似乎去掉了尾随的斜杠。你有最后一个nginx文件供mew查看吗?另外,您也不希望打开ssl8090@TarunLalwani请查看文件的编辑。是否尝试添加代理\u重定向https://confluence:8090/ https://confluence/? 如果需要,您还可以为http添加一个条目。我尝试了代理\ U重定向http://confluence:8090/ https://confluence/,proxy_重定向https://confluence:8090/ https://confluence/,proxy_重定向http://$host:8090/https://confluence/,并将ssl添加到listen listen 8090 ssl http2中,这一切都没有运气。实际上,我没有用后面的斜线。这有区别吗?无论如何,当我输入URL时,Firefox似乎去掉了尾随的斜杠。你有最后一个nginx文件供mew查看吗?另外,您也不希望打开ssl8090@TarunLalwani请查看文件的编辑。
server {
listen 8090 ssl http2;
server_name confluence.domain.com confluence;
## return 301 https://confluence.domain.com$request_uri;
proxy_redirect https://confluence.domain.com:8090 https://confluence.domain.com;
}
server {
## add ssl entries when https has been set in config
ssl_certificate /data/rpssl/confluence.pem;
ssl_certificate_key /data/rpssl/confluence_unencrypted.key;
## server configuration
listen 443 ssl http2;
server_name confluence.domain.com confluence;
add_header Strict-Transport-Security max-age=31536000;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
access_log /var/log/nginx/confluence-access.log timing;
error_log /var/log/nginx/confluence-error.log;
client_max_body_size 0;
proxy_read_timeout 1200;
proxy_connect_timeout 240;
location / {
proxy_http_version 1.1;
proxy_pass http://backendconfluence.domain.com:8091;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $server_name:$server_port;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Upgrade $http_upgrade; # WebSocket Support
proxy_set_header Connection $connection_upgrade; # WebSocket support
}
}
# Main Nginx configuration file
worker_processes 4;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 4096;
events {
worker_connections 2048;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
variables_hash_max_size 1024;
variables_hash_bucket_size 64;
server_names_hash_max_size 4096;
server_names_hash_bucket_size 128;
types_hash_max_size 2048;
types_hash_bucket_size 64;
proxy_read_timeout 2400s;
client_header_timeout 2400s;
client_body_timeout 2400s;
proxy_connect_timeout 75s;
proxy_send_timeout 2400s;
proxy_buffer_size 32k;
proxy_buffers 40 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 250m;
proxy_http_version 1.1;
client_body_buffer_size 128k;
map $http_upgrade $connection_upgrade { #WebSocket support
default upgrade;
'' '';
}
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
log_format timing 'ip = $remote_addr '
'user = \"$remote_user\" '
'local_time = \"$time_local\" '
'host = $host '
'request = \"$request\" '
'status = $status '
'bytes = $body_bytes_sent '
'upstream = \"$upstream_addr\" '
'upstream_time = $upstream_response_time '
'request_time = $request_time '
'referer = \"$http_referer\" '
'UA = \"$http_user_agent\"';
access_log /var/log/nginx/access.log timing;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
include /etc/nginx/conf.d/*.conf;
}
add_header Strict-Transport-Security max-age=31536000;