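I created a private bucket on AWS and I want to reverse proxy it with nginx. I use the same server for all the different proxies. This is the nginx configuration file: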
    user nginx;
    worker_processes 1;
    error_log /var/log/nginx/error.log warn;
    pid /var/run/nginx.pid;
    events {
        worker_connections 1024;
    }
    http {
        server_names_hash_bucket_size 64;
        server {
            listen 80;
            server_name ec2-...-...-....eu-central-1.compute.amazonaws.com;
            rewrite ^(.*) https://$host$1 permanent;
        }
        server {
            listen 443;
            server_name ec2-...-...-....eu-central-1.compute.amazonaws.com;
            ssl_certificate /etc/nginx/ssl/server.crt;
            ssl_certificate_key /etc/nginx/ssl/server.key;
            ssl on;
            ssl_session_cache builtin:1000 shared:SSL:10m;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
            ssl_prefer_server_ciphers on;
            access_log /var/log/nginx/ssl_access.log;
            location ^~ / {
                #proxy_set_header x-real-IP $remote_addr;
                #proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
                #proxy_set_header host $host;
                #proxy_pass https://url.com;
                #proxy_set_header Host $host;
                #proxy_set_header X-Real-IP $remote_addr;
                #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                #proxy_set_header X-Forwarded-Proto $scheme;
                # Fix the "It appears that your reverse proxy set up is broken" error.
                proxy_pass https://url.com;
                proxy_read_timeout 30;
                proxy_ssl_session_reuse off;
                proxy_ssl_verify off;
            }
            location /one/service {
                # proxy_set_header X-Real-IP $remote_addr;
                # proxy_set_header Host $host;
                # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_pass http://beanstalk-4.212314.eu-central-1.elasticbeanstalk.com/;
                proxy_read_timeout 30;
                proxy_ssl_session_reuse off;
                proxy_ssl_verify off;
            }
            location /privateproxy {
                set $s3_bucket 'bucketname.s3.eu-central-1.amazonaws.com';
                set $aws_access_key 'AWSAccessKeyId=mykey';
                set $url_expires 'Expires=$arg_e';
                set $url_signature 'Signature=$arg_st';
                set $url_full '$1?$aws_access_key&$url_expires&$url_signature';
                proxy_http_version 1.1;
                proxy_set_header Host $s3_bucket;
                proxy_set_header Authorization '';
                proxy_hide_header x-amz-id-2;
                proxy_hide_header x-amz-request-id;
                proxy_hide_header Set-Cookie;
                proxy_ignore_headers "Set-Cookie";
                proxy_buffering off;
                proxy_intercept_errors on;
                resolver 172.16.0.23 valid=300s;
                resolver_timeout 10s;
                proxy_pass http://$s3_bucket/$url_full;
            }
        }
    }
But I get a 502 Bad Gateway. Did I do something wrong in the configuration?
Log file:
    2016/03/21 09:13:42 [error] 16695#0: *8 bucket.s3.eu-central-1.amazonaws.com could not be resolved (110: Operation timed out)
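Answer 0 (score: 3)
If the bucket name is correct, the problem is in the resolver. The described IP address, 172.16.0.23, only works as a DNS server for non-VPC EC2. If you use a VPC, the resolver should be equal to the one you get from:
    cat /etc/resolv.conf
For example, a 10.0.1.0/16 VPC subnet may have 10.0.1.2 assigned as the internal resolver. If you don't know which one is used (VPC / non-VPC), then open DNS should help:
    resolver 8.8.8.8;
Make sure you specify a sensible S3 bucket name:
    set $s3_bucket '-->>bucketname.s3.eu-central-1.amazonaws.com';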
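The comparison Answer 0 describes, as an added example that is not part of the original answers: shell functions that check whether each address in an nginx resolver directive is also a nameserver in /etc/resolv.conf. The function names and the choice to pass both file paths as arguments are assumptions made for this example.

```shell
#!/bin/sh
# Added example: compare nginx "resolver" directives with the system resolvers.
# Both file paths are arguments, so the check can also run on copies of the files.

# Print the nameserver addresses from a resolv.conf-style file, one per line.
system_resolvers() {
    awk '$1 == "nameserver" { print $2 }' "$1"
}

# Print the addresses of every uncommented "resolver" directive in an nginx
# config, skipping parameters such as valid=300s.
nginx_resolvers() {
    awk '$1 == "resolver" {
             for (i = 2; i <= NF; i++) {
                 a = $i; sub(/;$/, "", a)
                 if (a != "" && a !~ /=/) print a
             }
         }' "$1"
}

# check_resolvers NGINX_CONF RESOLV_CONF
# Prints "ok ADDR" or "mismatch ADDR" for each nginx resolver address.
# Returns 0 if all match, 1 on any mismatch, 2 if no resolver directive exists.
check_resolvers() {
    sys=$(system_resolvers "$2")
    found=0
    rc=0
    for addr in $(nginx_resolvers "$1"); do
        found=1
        if printf '%s\n' "$sys" | grep -Fqx -- "$addr"; then
            echo "ok $addr"
        else
            echo "mismatch $addr"
            rc=1
        fi
    done
    [ "$found" -eq 1 ] || { echo "no resolver directive"; return 2; }
    return $rc
}

# Stand-alone use: sh check.sh /etc/nginx/nginx.conf /etc/resolv.conf
if [ "$#" -eq 2 ]; then
    check_resolvers "$1" "$2"
fi
```

A "mismatch" line for a public resolver such as 8.8.8.8 is expected when that resolver was chosen on purpose; the check only flags addresses the host itself does not use.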
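Answer 1 (score: 0)
If the EC2 server running nginx is in the same VPC as the private S3 bucket, then you can set up an S3 VPC endpoint and update your bucket's policy to use that endpoint (details here), then add this to your nginx.conf:
    location /privateproxy/ {
        proxy_pass https://bucketname.s3.eu-central-1.amazonaws.com/;
    }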