记一次nginx多层路由时代理的设置方法
现象:npm里配置路由,xj9264.xyz路由到192.168.2.102:8081内,服务器内又有nginx路由静态文件。在访问uri路径时,表现为无法访问网站,且uri地址被重定向为了xj9264.xyz:8081/xx/xxxx.
解决办法
查看npm内配置为
1
2
3
4
5
6
7
| location / {
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security $hsts_header always;
# Proxy!
include conf.d/include/proxy.conf;
}
|
location / 部分非常简单,且包含了proxy.ocnf,以下是proxy.conf内容
1
2
3
4
5
6
7
8
| # /etc/ngonx/conf.d/include/force-ssl.conf;
add_header X-Served-By $host;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_pass $forward_scheme://$server:$port$request_uri;
|
综合下来解决办法为,修改npm内location / 的配置内容,npm支持自定义location / 覆盖自动生成的location / 配置。
最终location / 配置如下
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
| location / {
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security $hsts_header always;
# 代理到后端服务
proxy_pass http://192.168.2.175:8081;
# 关键代理头设置
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Port $server_port;
# 修正后端可能返回的重定向
proxy_redirect http://$host:8081/ /;
proxy_redirect https://$host:8081/ /;
proxy_redirect http://$host/ /;
proxy_redirect https://$host/ /;
# 其他代理设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
# 移除原有的include,或者确保它不覆盖我们的设置
# include conf.d/include/proxy.conf;
}
|
由于和proxy.conf内容有重合,可以尝试如下配置:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
| location / {
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security $hsts_header always;
include conf.d/include/proxy.conf;
proxy_redirect http://$host:8081/ /;
proxy_redirect https://$host:8081/ /;
proxy_redirect http://$host/ /;
proxy_redirect https://$host/ /;
# 其他代理设置
proxy_connect_timeout 60s;
proxy_send_timeout 60s;
proxy_read_timeout 60s;
}
|
附npm对新路由默认配置
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
| # ------------------------------------------------------------
# 域名
# ------------------------------------------------------------
map $scheme $hsts_header {
https "max-age=63072000;includeSubDomains; preload";
}
server {
set $forward_scheme http; # 目标链接方式,http或者https
set $server "ip"; # 目标地址ip
set $port port; # 目标端口
listen 80;
listen [::]:80;
listen 443 ssl;
listen [::]:443 ssl;
server_name xj9264.xyz; # 反代域名
http2 on;
# Let's Encrypt SSL # 自动配置https ssl证书
include conf.d/include/letsencrypt-acme-challenge.conf;
include conf.d/include/ssl-cache.conf;
include conf.d/include/ssl-ciphers.conf;
ssl_certificate /etc/letsencrypt/live/npm-2/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/npm-2/privkey.pem;
# Asset Caching
include conf.d/include/assets.conf;
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security $hsts_header always;
# Force SSL
include conf.d/include/force-ssl.conf;
access_log /data/logs/proxy-host-27_access.log proxy;
error_log /data/logs/proxy-host-27_error.log warn;
# 自动生成的 location / 配置,以下配置通用与其他所有服务,可以自定义修改覆盖
location / {
# HSTS (ngx_http_headers_module is required) (63072000 seconds = 2 years)
add_header Strict-Transport-Security $hsts_header always;
# Proxy!
include conf.d/include/proxy.conf;
}
# Custom
include /data/nginx/custom/server_proxy[.]conf;
}
|