Nginx SSL-terminating proxy for Nexus does not work on a port other than 443
I have an Nginx acting as an SSL-terminating reverse proxy for a Nexus repository. Here is the configuration:
    server {
        server_name nexus.example.com;
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/nexus.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/nexus.example.com/privkey.pem;
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
        client_max_body_size 1G;
        location / {
            if ($http_user_agent ~* docker) {
                proxy_pass http://127.0.0.1:8082;
            }
            proxy_pass http://127.0.0.1:8081;
            proxy_cookie_path / "/; secure; HttpOnly";
            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $server_name;
            proxy_set_header X-Forwarded-Proto $scheme;
        }
        access_log /var/log/nginx/nexus_access.log;
        error_log /var/log/nginx/nexus_error.log;
    }
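This works fine, without problems. However, I want to expose Nginx on a different port, say 10000. If I change the configuration and restart Nginx and Nexus, whenever I visit nexus.example.com:10000 I get multiple errors, because the browser is going to https://nexus.example.com (without the port).

I thought it might be a caching problem, so I tried incognito mode, but that did not work either. I tried a brand-new virtual machine and got the same problem, so I ruled out caching.

If I expose Nexus directly on nexus.example.com:8081, it also works.

What could be the problem?

I tried the following workaround, but although I can reach the Nexus home page, I cannot log in: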
    server {
        listen 443 ssl;
        ssl_certificate /etc/letsencrypt/live/nexus.example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/nexus.example.com/privkey.pem;
        location / {
            return 301 https://$host:10000$request_uri;
        }
    }
I ran into the same problem.
Changing proxy_set_header Host $host to proxy_set_header Host $host:$server_port solved it.

For reference, this worked for me:
    upstream origin {
        server nexus:8081;
    }
    server {
        listen 8084 ssl http2;
        server_name nexus.mydoman.tld;
        ssl_certificate /etc/ssl/mydomain.tld.crt;
        ssl_certificate_key /etc/ssl/mydomain.tld.key;
        # https://mozilla.github.io/server-side-tls/ssl-config-generator/
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
        ssl_prefer_server_ciphers on;
        ssl_session_cache shared:SSL:10m;
        ssl_session_timeout 5m;
        location / {
            proxy_set_header Host $host:$server_port;
            proxy_set_header X-Real-IP $remote_addr:8084;
            proxy_set_header X-Forwarded-Proto "https";
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Port 8084;
            proxy_pass http://origin;
        }
    }
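Comments:

Thanks @Ying Yi & @rseddon

Try adding the port to the Host header: proxy_set_header Host $host:10000

@rseddon It does not work for me either.

It does not work for me; this is the same suggestion @rseddon made in the comments.

This does work, and it helps because I am accessing it on a different port.

This worked for me. To make it cleaner: X-Forwarded-Port can be removed, and the port on X-Real-IP can be removed as well (since it is an IP).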
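The check discussed in this thread, written as a small linter. It is an added example, not code from any of the posters or from Nexus or Nginx. It flags a server block that listens on a non-default port while forwarding a Host or X-Forwarded-Host value without that port, and an X-Real-IP value with a port appended. The function name `lint_proxy_headers` and both sample blocks are constructed for illustration, and it assumes the backend builds its absolute URLs from these headers.

```python
import re

# Assumption: the backend builds absolute URLs from Host / X-Forwarded-Host.
CARRIES_PORT = re.compile(r"^\$http_host$|:(\$server_port|\d+)$")

def lint_proxy_headers(conf):
    """Return findings for one nginx server block given as text."""
    findings = []
    listen = re.search(r"^\s*listen\s+(?:\S*:)?(\d+)([^;]*);", conf, re.M)
    if not listen:
        return ["no listen directive found"]
    port, flags = int(listen.group(1)), listen.group(2).split()
    default_port = 443 if "ssl" in flags else 80
    headers = re.findall(r"^\s*proxy_set_header\s+(\S+)\s+([^;]+);", conf, re.M)
    for name, value in headers:
        value = value.strip().strip('"')
        lname = name.lower()
        if lname in ("host", "x-forwarded-host"):
            if port != default_port and not CARRIES_PORT.search(value):
                findings.append(f"{name}: '{value}' drops port {port}")
        elif lname == "x-real-ip" and re.search(r":\d+$", value):
            findings.append(f"{name}: '{value}' appends a port to an IP address")
    return findings

# Constructed samples based on the configurations quoted on this page.
QUESTION_ON_10000 = """
server {
    listen 10000 ssl;
    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Host $server_name;
    }
}
"""
ANSWER_ON_8084 = """
server {
    listen 8084 ssl http2;
    location / {
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Real-IP $remote_addr:8084;
        proxy_pass http://origin;
    }
}
"""

if __name__ == "__main__":
    for label, conf in (("question", QUESTION_ON_10000), ("answer", ANSWER_ON_8084)):
        print(label, lint_proxy_headers(conf))
```

On the question's block moved to port 10000 it reports the X-Forwarded-Host line; on the answer's block it reports only the X-Real-IP line that the last comment mentions.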