Nginx - Upstream redirect not working properly

Time: 2017-03-07 03:05:39

Tags: nginx syntax

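Hoping someone can point out where my configuration is failing.

I have a problem where my upstream redirect is not working properly (it must be a configuration issue): it redirects from https to http, which I currently do not have running. Obviously, I need my https server to serve only secure traffic and not redirect to http.

This is what I get in the browser address bar: http://nginx.dev1.whispir.net/tmpl/home.tmpl#!/web_com/View_Workspace?rd=1307

But I need it to go through to the upstream via https.

In the browser's debugger, I see: GET http://nginx.dev1.whispir.net/tmpl/home.tmpl net::ERR_CONNECTION_REFUSED

I can't understand why it is hitting port 80. I have turned off http on port 80 because I need https to work. I hope someone can help; this is driving me crazy.

Thanks for stopping by.

This is what I currently have configured for port 443: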

upstream HttpsMainWorker {
        # Sticky session
        ip_hash;

    server 10.1.161.59:8080;
    server 10.1.161.56:8080;
 }

upstream HttpsReportWorker {
        # Sticky session
        ip_hash;

    server 10.1.161.64:8080;
 }

upstream HttpsApiWorker {
        # Sticky session
        ip_hash;

    server 10.1.161.51:8080;
 }

server {
    listen              443 ssl;
    server_name         nginx.dev1.whispir.net;
    keepalive_timeout   70;


    ssl on;
    ssl_certificate         /etc/nginx/certs/2016/61d2d567aece769c.crt;
    ssl_certificate_key     /etc/nginx/certs/2016/wildcard.dev1.whispir.netclear.pem;
    ssl_session_timeout     5m;

    ssl_protocols   TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers     ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
    ssl_prefer_server_ciphers   on;

    access_log          /var/log/nginx/app17web/access.log  main;
    error_log           /var/log/nginx/app17web/error.log  debug;

    root                /data/htdocs/app17web.dev1.whispir.net;
    index index.jsp;

    rewrite_log on;
    location ~* \.(?:ico|css|js|gif|jpe?g|png|pdf)$ {
    expires 1d;
    add_header Pragma public;
    add_header Cache-Control "public";
    }

    error_page 401      /401.html;
    error_page 403      /403.html;
    error_page 500 502  /500.html;
    error_page 503      /503.html;
    error_page  400 404       /404.html;
    location  = /404.html {
        internal;
    }

    error_page   500 502 503 /50x.html;
        location = /50x.html {
            root   html;
        }

  location /{
    try_files $uri @backend;
  }



location @backend {
    proxy_pass  http://HttpsMainWorker;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
  }

    location ~ \.jsp$ {
        proxy_pass                      http://HttpsMainWorker;
        proxy_next_upstream             error timeout invalid_header http_500;
       proxy_connect_timeout    5s;

    }


    location /ivr/ivrRequest.ivr {
        proxy_pass                      http://HttpsMainWorker;
        proxy_next_upstream             error timeout invalid_header http_500;
       proxy_connect_timeout    5s;

    }

    location  /app/cfu/* {
        proxy_pass                      http://HttpsMainWorker;
        proxy_next_upstream             error timeout invalid_header http_500;
       proxy_connect_timeout    5s;

    }

    location  /tmpl/* {
       proxy_pass                      http://HttpsMainWorker;
        proxy_next_upstream             error timeout invalid_header http_500;
       proxy_connect_timeout    5s;

    }
}

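1 Answer:

Answer 0: (score: 0)

The upstream application (running on port 8080) is most likely issuing the redirect. Either it needs to be configured to use https in its redirects, or it needs to be told that the front-end connection arrived over https.

Your configuration inserts the X-Forwarded-Proto header for this purpose, but only in one of the locations.

The proxy_set_header directives are inherited from the outer block only if no other proxy_set_header directives are set in the location.

So either add the proxy_set_header X-Forwarded-Proto $scheme; statement to each affected location block, or move all of the proxy_set_header directives into the server block scope.

For example: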

proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;

location @backend {
    proxy_pass  http://HttpsMainWorker;
}
location ~ \.jsp$ {
    proxy_pass                      http://HttpsMainWorker;
    proxy_next_upstream             error timeout invalid_header http_500;
    proxy_connect_timeout    5s;
}
location /ivr/ivrRequest.ivr {
    proxy_pass                      http://HttpsMainWorker;
    proxy_next_upstream             error timeout invalid_header http_500;
    proxy_connect_timeout    5s;
}
location  /app/cfu/* {
    proxy_pass                      http://HttpsMainWorker;
    proxy_next_upstream             error timeout invalid_header http_500;
    proxy_connect_timeout    5s;
}
location  /tmpl/* {
    proxy_pass                      http://HttpsMainWorker;
    proxy_next_upstream             error timeout invalid_header http_500;
    proxy_connect_timeout    5s;
}

See this document for details.
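
The inheritance rule described in this answer can be checked mechanically. The following is an added example, not code from the question or the answer: it walks a config and lists every block that uses proxy_pass without an effective X-Forwarded-Proto header. The parser is a simplification that assumes no braces or semicolons inside quoted strings or regexes and no include files; the sample config and the upstream name `app` are constructed.

```python
import re
# Constructed sample; the upstream name "app" is a placeholder.
SAMPLE = r"""
server {
    proxy_set_header Host $host;                  # server-level default
    location @backend {
        proxy_pass http://app;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
    location ~ \.jsp$ {
        proxy_pass http://app;                    # inherits only Host
    }
    location /api/ {
        proxy_pass http://app;
        proxy_set_header X-Real-IP $remote_addr;  # cancels inheritance
    }
}
"""

def parse(tokens):
    """Consume tokens for one block; return (directives, child_blocks)."""
    directives, children, words = [], [], []
    for tok in tokens:
        if tok == "}":
            break
        if tok == ";":
            directives.append(words or [""])
        elif tok == "{":
            children.append((" ".join(words), parse(tokens)))
        else:
            words.append(tok)
            continue
        words = []
    return directives, children

def audit(conf, header="X-Forwarded-Proto"):
    """Names of blocks that proxy_pass without an effective `header`."""
    tokens = iter(re.findall(r"[{};]|[^\s{};]+", re.sub(r"#.*", "", conf)))
    missing = []
    def walk(block, name, inherited):
        directives, children = block
        own = [d[1].lower() for d in directives if d[0] == "proxy_set_header" and len(d) > 1]
        effective = own or inherited  # a block's own set replaces, never merges
        if any(d[0] == "proxy_pass" for d in directives) and header.lower() not in effective:
            missing.append(name)
        for child_name, child in children:
            walk(child, child_name, effective)
    walk(parse(tokens), "main", [])
    return missing
```

Running `audit(SAMPLE)` flags the `.jsp` location (it inherits only Host) and `/api/` (its own proxy_set_header discards the server-level set), while `@backend` passes.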