我有3个域,其中2个被反向代理到apache,nginx用于mod_wsgi和django用法,第3个域将是nginx。
apache的反向代理站点都给了我403错误。
有人能帮助我吗?
Nginx配置:
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user john;
worker_processes 1;
error_log /var/log/nginx/error.log;
#error_log /var/log/nginx/error.log notice;
#error_log /var/log/nginx/error.log info;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
# Load config files from the /etc/nginx/conf.d directory
# The default server is in conf.d/default.conf
include /etc/nginx/conf.d/*.conf;
}
server {
listen 80;
server_name domain1.com;
#root /var/www/html/domain1.com/public_html;
return 301 https://domain1.com;
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl;
root /var/www/html/domain1.com/public_html;
index index.html index.htm index.php;
server_name domain1.com;
ssl on;
ssl_certificate /etc/pki/tls/certs/domain1.com.crt;
ssl_certificate_key /etc/pki/tls/private/domain1.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
client_max_body_size 100M;
client_body_buffer_size 1m;
proxy_intercept_errors on;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_max_temp_file_size 0;
proxy_read_timeout 300;
proxy_pass https://127.0.0.1:8081;
}
location ~ /\.ht {
deny all;
}
}
server {
listen 80;
server_name domain2.com;
#root /var/www/html/domain2.com/public_html;
return 301 https://domain2.com;
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl;
root /var/www/html/domain2.com/public_html;
index index.html index.html index.php;
server_name domain2.com;
ssl on;
ssl_certificate /etc/pki/tls/certs/domain2.com.crt;
ssl_certificate_key /etc/pki/tls/private/domain2.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php;
}
}
server {
listen 80;
server_name domain3.com;
#root /var/www/html/domain3.com/public_html;
return 301 https://domain3.com;
location ~ /\.ht {
deny all;
}
}
server {
listen 443 ssl;
root /var/www/html/domain3.com/public_html;
index index.html index.htm index.php;
server_name domain3.com;
ssl on;
ssl_certificate /etc/pki/tls/certs/domain3.com.crt;
ssl_certificate_key /etc/pki/tls/private/domain3.com.key;
ssl_session_timeout 5m;
ssl_protocols SSLv3 TLSv1;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+EXP;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php;
}
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $host;
client_max_body_size 100M;
client_body_buffer_size 1m;
proxy_intercept_errors on;
proxy_buffering on;
proxy_buffer_size 128k;
proxy_buffers 256 16k;
proxy_busy_buffers_size 256k;
proxy_temp_file_write_size 256k;
proxy_max_temp_file_size 0;
proxy_read_timeout 300;
proxy_pass https://127.0.0.1:8081;
}
location ~ /\.ht {
deny all;
}
}
ps -ef|grep nginx
root 29795 1 0 12:13 ? 00:00:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
john 29796 29795 0 12:13 ? 00:00:00 nginx: worker process
john 29865 29113 0 12:29 pts/2 00:00:00 grep nginx
ps aux|grep nginx|grep -v grep
root 29795 0.0 0.0 107096 2332 ? Ss 12:13 0:00 nginx: master process /usr/sbin/nginx -c /etc/nginx/nginx.conf
john 29796 0.0 0.0 109308 5300 ? S 12:13 0:00 nginx: worker process
的httpd.conf:
WSGISocketPrefix /var/log
NameVirtualHost 127.0.0.1:8081
<VirtualHost 127.0.0.1:8081>
DocumentRoot /var/www/html/ramblr.io/public_html/
WSGIScriptAlias / /var/www/html/ramblr.io/public_html/rambler/rambler/wsgi.py
WSGIDaemonProcess rambler.io python-path=/var/www/html/ramblr.io/public_html/env/lib/pyth$
WSGIProcessGroup rambler.io
<Directory "/var/www/html/ramblr.io/public_html/rambler/rambler">
<IfVersion < 2.3 >
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</IfVersion>
<IfVersion >= 2.3>
Require all granted
</IfVersion>
</Directory>
<Directory /var/www/html/ramblr.io/public_html/ramble>
<Files wsgi.py>
Order allow,deny
Allow from all
</Files>
</Directory>
ServerAlias ramblr.io
ServerName ramblr.io
ServerAdmin johnripper@ramblr.io
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/ramblr.io.crt
SSLCertificateKeyFile /etc/pki/tls/private/ramblr.io.key
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</VirtualHost>
<VirtualHost 127.0.0.1:8081>
DocumentRoot /var/www/html/test.animegrinder.com/public_html/
<Directory "/var/www/html/test.animegrinder.com/public_html">
Options Indexes FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
</Directory>
ServerName test.animegrinder.com
ServerAlias test.animegrinder.com
ServerAdmin admin@animegrinder.com
SSLEngine On
SSLCertificateFile /etc/pki/tls/certs/test.animegrinder.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/test.animegrinder.com.key
<IfModule mod_security2.c>
SecRuleEngine Off
</IfModule>
</VirtualHost>
<IfModule security2_module>
Include crs/owasp-modsecurity-crs/modsecurity_crs_10_setup.conf
Include crs/owasp-modsecurity-crs/base_rules/*.conf
</IfModule>
sudo nano /etc/httpd/conf.d/ssl.conf
Listen 127.0.0.1:8081