希望有人能指出我的配置失败。
我遇到一个问题,我的上游重定向不能正常工作(必须是配置问题),它从https重定向到http,我目前还没有运行。显然,我要求我的https服务器仅提供安全流量,而不是重定向到http。
这是我在浏览器栏中收到的内容: http://nginx.dev1.whispir.net/tmpl/home.tmpl#!/web_com/View_Workspace?rd=1307
但我要求它通过https上传到上游。
在浏览器的调试中,我看到: 获取http://nginx.dev1.whispir.net/tmpl/home.tmpl net :: ERR_CONNECTION_REFUSED
无法理解为什么它会撞到80端口。 我已关闭端口80上的http,因为我需要https工作。 我希望有人可以帮助我,让我疯了。
感谢您的光临。
这是我目前为端口443配置的
upstream HttpsMainWorker {
# Sticky session
ip_hash;
server 10.1.161.59:8080;
server 10.1.161.56:8080;
}
upstream HttpsReportWorker {
# Sticky session
ip_hash;
server 10.1.161.64:8080;
}
upstream HttpsApiWorker {
# Sticky session
ip_hash;
server 10.1.161.51:8080;
}
server {
listen 443 ssl;
server_name nginx.dev1.whispir.net;
keepalive_timeout 70;
ssl on;
ssl_certificate /etc/nginx/certs/2016/61d2d567aece769c.crt;
ssl_certificate_key /etc/nginx/certs/2016/wildcard.dev1.whispir.netclear.pem;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/app17web/access.log main;
error_log /var/log/nginx/app17web/error.log debug;
root /data/htdocs/app17web.dev1.whispir.net;
index index.jsp;
rewrite_log on;
location ~* \.(?:ico|css|js|gif|jpe?g|png|pdf)$ {
expires 1d;
add_header Pragma public;
add_header Cache-Control "public";
}
error_page 401 /401.html;
error_page 403 /403.html;
error_page 500 502 /500.html;
error_page 503 /503.html;
error_page 400 404 /404.html;
location = /404.html {
internal;
}
error_page 500 502 503 /50x.html;
location = /50x.html {
root html;
}
location /{
try_files $uri @backend;
}
location @backend {
proxy_pass http://HttpsMainWorker;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
location ~ \.jsp$ {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /ivr/ivrRequest.ivr {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /app/cfu/* {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /tmpl/* {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
答案 0 :(得分:0)
上游应用程序(在端口8080上运行)很可能正在发出重定向。要么需要将其配置为在重定向中使用https,要么需要通知前端连接到达https。
您的配置会为此目的插入标题X-Forwarded-Proto,但仅适用于locations之一。
proxy_set_header指令继承自外部块,仅当未在proxy_set_header中设置其他location指令时才会继承。
因此,要么在每个受影响的proxy_set_header X-Forwarded-Proto $scheme;块中添加location语句,要么将proxy_set_header指令的全部移到server块中范围。
例如:
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
location @backend {
proxy_pass http://HttpsMainWorker;
}
location ~ \.jsp$ {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /ivr/ivrRequest.ivr {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /app/cfu/* {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
location /tmpl/* {
proxy_pass http://HttpsMainWorker;
proxy_next_upstream error timeout invalid_header http_500;
proxy_connect_timeout 5s;
}
有关详细信息,请参阅this document。