nginx内部反向代理

时间:2017-11-19 18:40:48

标签: nginx proxy reverse-proxy

我想要以下场景

  • 客户向http://my-domain.com
  • 发出浏览器请求
  • Nginx A拦截该请求,然后将其转发给托管我网站的Nginx B

我有当前配置,但我收到了ERR_TOO_MANY_REDIRECTS

Nginx A(登陆主机代理)

 server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    server_tokens off;
    return 301 https://$host$request_uri;
  }

  server {
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    ssl_certificate /my/ssl/my-domain.com.crt;
    ssl_certificate_key /my/ssl/my-domain.com.key;
    ssl_dhparam /my/ssl/dhparam.pem;
    ssl_prefer_server_ciphers on;
    ssl_ciphers
    'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

    return 404;
  }

upstream client_proxy {
    server my_internal_server:80;
}


server {
        server_name my-domain.com;
        listen 443 ssl;

        ssl_certificate /my/ssl/my-domain.com.crt;
        ssl_certificate_key /my/ssl/my-domain.com.key;
        ssl_dhparam /my/ssl/dhparam.pem;
        ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';


        location / {
                rewrite ^ http://my-domain.com/;
                index index.html index.htm;
                charset utf-8;
                auth_basic off;
                allow all;
                proxy_pass http://client_proxy/;
                proxy_ignore_headers Set-Cookie Cache-Control Expires;
                proxy_hide_header "Set-Cookie";
                proxy_redirect off;
                proxy_set_header Host my-domain.com;
                proxy_set_header X-Forwarded-Host $host;
                proxy_set_header X-Forwarded-Server $host;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_For;
                proxy_set_header Connection "";
                proxy_http_version 1.1;
                proxy_connect_timeout 90s;
                proxy_send_timeout 90s;
                proxy_read_timeout 90s;
                proxy_buffer_size 4k;
                proxy_buffers 4 32k;
                proxy_busy_buffers_size 64k;
                proxy_temp_file_write_size 64k;
                send_timeout 90s;
        }
}

Nginx B(网络服务器)

server {
  listen 80;
  root /my/www;
  index index.html;
  try_files $uri $uri/ /index.html;
  #       ... other location blocks which are irrelevant here
}

1 个答案:

答案 0 :(得分:0)

正如Richard Smith在评论中所述,

删除重写规则并修复它