Nginx配置,如Synology反向代理
我正在尝试将nginx(基于bitname/nginx:latest)配置为Synology反向代理的等价物。这是由于缺少Synology的通配符重定向。在这样做的同时,我面临许多问题;因此,我请求帮助正确配置nginx 要求Nginx配置,如Synology反向代理,nginx,config,synology,Nginx,Config,Synology,我正在尝试将nginx(基于bitname/nginx:latest)配置为Synology反向代理的等价物。这是由于缺少Synology的通配符重定向。在这样做的同时,我面临许多问题;因此,我请求帮助正确配置nginx 要求 HTTPS升级 将任何通配符子域(443)重定向到端口30'000 隐藏重定向端口以防用户看到 必须支持WebSocket(在Synology的以下标题处:升级$http\u升级和连接$Connection\u升级) 示例 浏览器调用 请转到https://app1
- HTTPS升级
- 将任何通配符子域(443)重定向到端口30'000
- 隐藏重定向端口以防用户看到
- 必须支持WebSocket(在Synology的以下标题处:升级$http\u升级和连接$Connection\u升级)
- 浏览器调用
- 请转到https://app1.my example.com:30000/
- 浏览器显示:,通过端口30000解析
我能够解决我的问题,并愿意分享结果。我唯一不明白的是,为什么重定向。my-example可以作为代理传递。它会走同一条路线(可能是一个无止境的循环)。欢迎反馈/改进
# custom code for hop by hop headers
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upgrade connection
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
return 301 https://$host$request_uri;
}
# Redirect Subdomains (incl. Web-Socket)
server {
listen 8443 ssl;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
server_name my-example.de portal.my-example.de;
access_log /opt/bitnami/nginx/logs/yourapp_access.log;
error_log /opt/bitnami/nginx/logs/yourapp_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass https://redirect.my-example.de:30000;
proxy_redirect off;
}
}
# Catch malicious requests
server {
listen 8443 default_server;
listen [::]:8443 default_server;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
server_name _;
return 444;
}
# custom code for hop by hop headers
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
# Upgrade connection
server {
listen 8080 default_server;
listen [::]:8080 default_server;
server_name _;
return 301 https://$host$request_uri;
}
# Redirect Subdomains (incl. Web-Socket)
server {
listen 8443 ssl;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
server_name my-example.de portal.my-example.de;
access_log /opt/bitnami/nginx/logs/yourapp_access.log;
error_log /opt/bitnami/nginx/logs/yourapp_error.log;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_pass https://redirect.my-example.de:30000;
proxy_redirect off;
}
}
# Catch malicious requests
server {
listen 8443 default_server;
listen [::]:8443 default_server;
ssl_certificate /certs/server.crt;
ssl_certificate_key /certs/server.key;
server_name _;
return 444;
}