Spring 春季及;Docker:请求被拒绝,因为URL未规范化
我有两个docker容器需要相互通信。一个是前端的nginx容器,它需要与另一个容器中的弹簧后端通信。在Docker外部运行时,通信工作正常,但当我将项目Docker化时,在尝试将任何请求从前端发送到后端时,会出现以下错误:Spring 春季及;Docker:请求被拒绝,因为URL未规范化,spring,spring-boot,docker,nginx,Spring,Spring Boot,Docker,Nginx,我有两个docker容器需要相互通信。一个是前端的nginx容器,它需要与另一个容器中的弹簧后端通信。在Docker外部运行时,通信工作正常,但当我将项目Docker化时,在尝试将任何请求从前端发送到后端时,会出现以下错误: org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized. 来自Spri
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
来自Spring的StrictHttpFirewall
nginx.conf
load_module "modules/ngx_http_perl_module.so";
env HELIUM_LOCATION;
http {
perl_set $helium_location 'sub { return $ENV{"HELIUM_LOCATION"}; }';
server {
listen 8000;
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
client_max_body_size 10M;
location /api {
rewrite ^/api(.*) /$1 break;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Prefix /api;
proxy_pass http://$helium_location;
}
location /health {
default_type application/json;
return 200 '{"status": "UP"}';
}
location / {
try_files $uri $uri/ /index.html;
}
}
}
Spring boot版本为2.1,nginx容器为nginx:1.11.8-1。这在使用Spring boot 1.5.7时起作用,所以Spring处理这些请求的方式有什么变化吗
如果有任何其他信息有助于解决此问题,请告诉我,我会尽我所能为您获取。谢谢 来自
例如,它可以包含路径遍历序列(如/。/)或
多个正斜杠(//),也可能导致模式匹配
失败
您在重写时添加了一个额外的斜杠
location /api {
rewrite ^/api(.*) /$1 break;
...
}
在日志上我可以看到
127.0.0.1 - - [06/Mar/2019:16:22:15 +0000] "GET //something HTTP/1.0" 200 612 "-" "curl/7.52.1"
172.17.0.1 - - [06/Mar/2019:16:22:15 +0000] "GET /api/something HTTP/1.1" 200 612 "-" "curl/7.52.1"
换成
rewrite ^/api(.*) $1 break;
您可以通过执行nginx-s reload
现在没有准备额外的斜杠
127.0.0.1 - - [06/Mar/2019:16:27:22 +0000] "GET /something HTTP/1.0" 200 612 "-" "curl/7.52.1"
172.17.0.1 - - [06/Mar/2019:16:27:22 +0000] "GET /api/something HTTP/1.1" 200 612 "-" "curl/7.52.1"
谢谢你的回复!我从日志中截取了一行,但问题似乎不是这样的:sms|u qa.pops | 10.1.2.22--[06/Mar/2019:18:01:17+0000]“POST/api/auth HTTP/1.1“4010”“”Mozilla/5.0(Windows NT 10.0;Win64;x64)AppleWebKit/537.36(KHTML,像Gecko)Chrome/72.0.3626.119 Safari/537.36”您是否尝试删除重写中的多余斜杠?是的。当我这样做时,请求并没有到达后端。很明显,这个应用程序依赖于直线上的斜线。