我尝试在启用SSL的情况下设置nginx的反向代理。 Nginx具有SSL证书和密钥。后端服务器不与Nginx通信SSL(它在DMZ本地网络设置上,所以我猜它没问题。)
我的问题是:当代理传递发生时,错误日志会显示很多这样的文件或目录'。它将我带到后端应用程序的404错误页面。
这是一些错误行:
2052#2052:* 9 open()" /etc/nginx/html/scripts/msptagutils.js"失败(2:没有这样的文件或目录),客户端:189.68.143.17,服务器:www.example.com.br,请求:" GET /scripts/msptagutils.js?build=9301 HTTP / 1.1&#34 ;,主持人:www.example.com.br,推荐人:https://www.example.com.br/servicedesk/
2052#2052:* 9 open()" /etc/nginx/html/style/sdmspstyle.css"失败(2:没有这样的文件或目录),客户端:189.68.143.17,服务器:www.example.com.br,请求:" GET /style/sdmspstyle.css?build=9301 HTTP / 1.1&#34 ;,主持人:www.example.com.br,推荐人:https://www.example.com.br/servicedesk/
2052#2052:* 1 open()" /etc/nginx/html/ze/css/gray/ze.min.css"失败(2:没有这样的文件或目录),客户端:189.68.143.17,服务器:www.example.com.br,请求:" GET /ze/css/gray/ze.min.css HTTP / 1.1& #34;,主持人:" www.example.com.br",推荐人:" https://www.example.com.br/servicedesk/"
这是servicedesk.conf文件:
server {
### server port and name ###
listen 443;
ssl on;
server_name www.example.com.br;
### SSL log files ###
access_log /var/log/nginx/servicedesk-ssl-access.log;
error_log /var/log/nginx/servicedesk-ssl-error.log;
### SSL cert files ###
ssl_certificate /etc/nginx/ssl/www.example.com.br-chained.crt;
ssl_certificate_key /etc/nginx/ssl/example.com.br.key;
### Add SSL specific settings here ###
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers RC4:HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
keepalive_timeout 60;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
### We want full access to SSL via backend ###
location /servicedesk {
proxy_pass http://servicedesk-site.example.local;
### force timeouts if one of backend is died ##
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
### Set headers ####
proxy_set_header Accept-Encoding "";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
### Most PHP, Python, Rails, Java App can use this header ###
#proxy_set_header X-Forwarded-Proto https;##
#This is better##
proxy_set_header X-Forwarded-Proto $scheme;
add_header Front-End-Https on;
### By default we don't want to redirect it ####
proxy_redirect off;
}
}
你们可以指点我的方向吗?我做错了什么?
答案 0 :(得分:1)
您似乎只代理路径/servicedesk
的请求。
日志显示对nginx尝试在本地解析的/scripts/msptagutils.js
的访问。如果nginx只进行SSL卸载,那么这些请求也应该传递给后端。所以只需代理完整路径/
server {
...
location / {
prox_pass ...
}
}