Fatal编程技术网
  • nginx/
  • Nginx配置,如Synology反向代理

Nginx配置,如Synology反向代理

nginx

Nginx配置,如Synology反向代理,nginx,config,synology,Nginx,Config,Synology,我正在尝试将nginx(基于bitname/nginx:latest)配置为Synology反向代理的等价物。这是由于缺少Synology的通配符重定向。在这样做的同时,我面临许多问题;因此,我请求帮助正确配置nginx 要求 HTTPS升级 将任何通配符子域(443)重定向到端口30'000 隐藏重定向端口以防用户看到 必须支持WebSocket(在Synology的以下标题处:升级$http\u升级和连接$Connection\u升级) 示例 浏览器调用 请转到https://app1

我正在尝试将nginx(基于bitname/nginx:latest)配置为Synology反向代理的等价物。这是由于缺少Synology的通配符重定向。在这样做的同时,我面临许多问题;因此,我请求帮助正确配置nginx

要求

  • HTTPS升级
  • 将任何通配符子域(443)重定向到端口30'000
  • 隐藏重定向端口以防用户看到
  • 必须支持WebSocket(在Synology的以下标题处:升级$http\u升级和连接$Connection\u升级)
示例

  • 浏览器调用
  • 请转到https://app1.my example.com:30000/
  • 浏览器显示:,通过端口30000解析
当前代码(目前不起作用)

我能够解决我的问题,并愿意分享结果。我唯一不明白的是,为什么重定向。my-example可以作为代理传递。它会走同一条路线(可能是一个无止境的循环)。欢迎反馈/改进

# custom code for hop by hop headers
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
 
# Upgrade connection
server {
    listen 8080 default_server;
    listen [::]:8080 default_server;
    server_name _;
    
    return 301 https://$host$request_uri;
}
 
# Redirect Subdomains (incl. Web-Socket)
server {
    listen 8443 ssl;
    
    ssl_certificate      /certs/server.crt;
    ssl_certificate_key  /certs/server.key;
    
    server_name my-example.de portal.my-example.de;
    access_log /opt/bitnami/nginx/logs/yourapp_access.log;
    error_log /opt/bitnami/nginx/logs/yourapp_error.log;
 
    location / {
        proxy_set_header     X-Real-IP $remote_addr;
        proxy_set_header     HOST $http_host;
        proxy_set_header     X-NginX-Proxy true;
 
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection $connection_upgrade;
 
        proxy_pass https://redirect.my-example.de:30000;
        proxy_redirect off;
    }
}
# Catch malicious requests
server {
   listen 8443 default_server;
   listen [::]:8443 default_server;
   
   ssl_certificate      /certs/server.crt;
   ssl_certificate_key  /certs/server.key;
   
   server_name _;
 
   return 444;
}

# custom code for hop by hop headers
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}
 
# Upgrade connection
server {
    listen 8080 default_server;
    listen [::]:8080 default_server;
    server_name _;
    
    return 301 https://$host$request_uri;
}
 
# Redirect Subdomains (incl. Web-Socket)
server {
    listen 8443 ssl;
    
    ssl_certificate      /certs/server.crt;
    ssl_certificate_key  /certs/server.key;
    
    server_name my-example.de portal.my-example.de;
    access_log /opt/bitnami/nginx/logs/yourapp_access.log;
    error_log /opt/bitnami/nginx/logs/yourapp_error.log;
 
    location / {
        proxy_set_header     X-Real-IP $remote_addr;
        proxy_set_header     HOST $http_host;
        proxy_set_header     X-NginX-Proxy true;
 
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade; 
        proxy_set_header Connection $connection_upgrade;
 
        proxy_pass https://redirect.my-example.de:30000;
        proxy_redirect off;
    }
}
# Catch malicious requests
server {
   listen 8443 default_server;
   listen [::]:8443 default_server;
   
   ssl_certificate      /certs/server.crt;
   ssl_certificate_key  /certs/server.key;
   
   server_name _;
 
   return 444;
}