Nginx位置/日志没有代理正确传递给Kibana导致404

时间:2017-08-26 13:09:08

标签: docker nginx kibana nginx-location

我们有一个dockerized架构。唯一的主要入口点是我们的nginx。这使得我们所有服务之间的联系。

使用位置/到达域名可以正常工作。我们的Angular前端应用程序正确显示。

主要问题是在/logs位置访问KIBANA(v5.5)。

例如,尝试访问https://dev.example.com/logs/浏览器会显示404,因为它尝试访问https://dev.example.com/login?next=%2Flogs

在我们的位置端点代理的Kibana似乎尝试使用基本网址/重写网址。而不是重写/ logs / location之后附加的URI。

如何改进我们的配置: - 允许到达/ logs /正确显示我们的Kibana应用程序?

这是我们的nginx配置。请注意客户端,后端,kibana是指docker主机名。

server {
    listen  443;
    ssl     on;
    rdns    on;

    ssl_certificate /etc/ssl/production/certs/example/fullchain.pem;
    ssl_certificate_key /etc/ssl/production/certs/example/privkey.pem;

    server_name dev.example.com;

    # Angular APP
    location / {
        proxy_pass http://client;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Backend proxy
    location /api {
        proxy_pass http://backend:9090;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # Logs on Kibana
    location /logs {
        proxy_pass http://kibana:5601;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

CURL请求的结果:

curl -v https://dev.example.com/logs/
* About to connect() to dev.example.com port 443 (#0)
*   Trying xx.xx.xx.xx...
* connected
* Connected to dev.example.com (xx.xx.xx.xx) port 443 (#0)
* SSLv3, TLS handshake, Client hello (1):
* SSLv3, TLS handshake, Server hello (2):
* SSLv3, TLS handshake, CERT (11):
* SSLv3, TLS handshake, Server key exchange (12):
* SSLv3, TLS handshake, Server finished (14):
* SSLv3, TLS handshake, Client key exchange (16):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSLv3, TLS change cipher, Client hello (1):
* SSLv3, TLS handshake, Finished (20):
* SSL connection using ECDHE-RSA-AES256-GCM-SHA384
* Server certificate:
*        subject: CN=example.com
*        start date: 2017-08-23 17:26:00 GMT
*        expire date: 2017-11-21 17:26:00 GMT
*        subjectAltName: dev.example.com matched
*        issuer: C=US; O=Let's Encrypt; CN=Let's Encrypt Authority X3
*        SSL certificate verify ok.
> GET /logs HTTP/1.1
> User-Agent: curl/7.28.1
> Host: dev.example.com
> Accept: */*
>
< HTTP/1.1 404 Not Found
< Server: nginx/1.13.1
< Date: Sat, 26 Aug 2017 15:39:43 GMT
< Content-Type: text/html
< Content-Length: 169
< Connection: keep-alive
<
<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>nginx/1.13.1</center>
</body>
</html>
* Connection #0 to host dev.example.com left intact
* Closing connection #0
* SSLv3, TLS alert, Client hello (1):

感谢您的帮助。

1 个答案:

答案 0 :(得分:1)

您需要将server.basePath设置为/logs,方法是将SERVER_BASEPATH环境变量传递给kibana容器。

然后,您需要在代理位置使用重写来删除nginx中的/ logs前缀:

location /logs {
    rewrite ^/logs(/.*)$ $1 break;
    proxy_pass http://kibana:5601;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

另外,显然kibana中存在一个错误,只有当我们使用以下网址到达kibana时,上述配置才有效:

http://nginxip/logs/

但如果我们没有结束斜杠,则不会出现,例如:

http://nginxip/logs

要解决这个问题,我们需要在nginx中添加另一个重写,以确保始终存在结束斜杠。在/ logs位置之外添加以下内容:

rewrite ^/logs$ /logs/;

来源:https://www.elastic.co/guide/en/kibana/current/settings.html