Nginx配置出现问题

时间:2018-06-29 09:31:59

标签: nginx https

我正在家中通过虚拟机(VM)运行一些服务,但在屏蔽恶意 bot 以及为子域设置 https 重定向方面遇到了一些问题。非常感谢您为解决这些问题提供的帮助。

bad_bot问题是,如果我在Nginx文件中将其启用,它将不允许我从任何浏览器打开网页(引发403错误)。代码如下:

# Maps the User-Agent header to $bad_bot: 0 when it matches the UptimeRobot
# pattern (case-insensitive), 1 for every other value.
# NOTE(review): because the default is 1, a check such as
# "if ($bad_bot) { return 403; }" rejects every client except UptimeRobot,
# which is the 403 seen from ordinary browsers.
map $http_user_agent $bad_bot {
    default     1;
  "~*\bUptimeRobot/2.0\b"       0;
}

另一个问题是,如果我在浏览器中直接键入链接来访问任何子域,默认情况下会被定向到端口80而不是端口443。我希望在所有情况下都重定向到端口443。我的default文件内容如下:

include /etc/nginx/blockuseragents.rules;
include /etc/nginx/bad_bots.rules;

# Derives $connection_upgrade from the client's Upgrade header: "upgrade" when
# the header is non-empty, "close" when it is empty. The value is used as the
# Connection header in the proxy locations that reference it.
map $http_upgrade $connection_upgrade {  
    default upgrade;
    ''      close;
}

# NOTE(review): this port-80 redirect server is commented out, and no server
# block visible in this file listens on port 80, so nothing shown here sends
# plain-HTTP requests on to HTTPS.
# NOTE(review): if re-enabled as written, $server_name is the configured name
# (here the wildcard "*.example.in"), not the host the client requested; $host
# carries the requested name -- confirm the redirect target before enabling.
#server {
# listen 80 default_server;
#   listen [::]:80 default_server;
#   server_name *.example.in;
#   return 301 https://$server_name$request_uri;
#}

#Main Server Configuration Part
# HTTPS virtual host for example.in. Each location below proxies one path
# prefix to a service on 192.168.0.12 over plain HTTP.
# NOTE(review): no auth_basic or allow/deny is visible on any location in this
# server block; access control is left to each backend application unless one
# of the included files (not shown) adds it.
server {
  #BlockedAgent
  # $blockedagent is not defined in this file; presumably it is set by
  # /etc/nginx/blockuseragents.rules -- verify. The User-Agent header is
  # client-supplied, so this filters noise and is not an access control.
  if ($blockedagent) {
        return 403;
  }

  #Bad Bots Filtering
  #if ($bad_bot) {
  #      return 403;
  #}

  #Block Request Method
  #if ($request_method !~ ^(GET|HEAD|POST)$) {
  #      return 444;
  #}

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name example.in;
  # Contents of conf.d are not shown; whatever they hold is applied inside this
  # server block.
  include /etc/nginx/conf.d/*.conf;

    #location / { 
    #root /usr/share/nginx/html;
    #index index.html index.htm index.nginx-debian.html;
    #try_files $uri /index.html;
    #}

    #SSL Configuration
    # Certificate and protocol settings are expected in ssl.conf (not shown).
    include /etc/nginx/ssl.conf;

    #Tautulli
    location /tautulli {
    proxy_pass http://192.168.0.12:8181;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Ssl on;
    }

    #Transmission Torrent Client
    location /transmission {
    proxy_pass http://192.168.0.12:9091;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Radarr Movies
    location /radarr {
    proxy_pass http://192.168.0.12:7878;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Sonarr TV Shows
    location /sonarr {
    proxy_pass http://192.168.0.12:8989;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Ombi
    location /ombi/ {
    proxy_pass http://192.168.0.12:5000;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout  90;
    # Rewrites redirects that point at the internal address so the client is
    # sent to the public HTTPS host instead.
    proxy_redirect http://192.168.0.12:5000 https://$host;
    }
    # Rewrites /dist/<x>.js to /ombi/dist/<x>.js when the Referer contains /ombi/.
    # NOTE(review): the Referer header is client-supplied. The capture group
    # matches exactly one character (a digit or "*") and the "." before "js" is
    # unescaped -- confirm this matches the asset names actually requested.
    if ($http_referer ~* /ombi/) {
    rewrite ^/dist/([0-9\d*]).js /ombi/dist/$1.js last;
    }

    #Sabnzbd
    location /sabnzbd {
    proxy_pass http://192.168.0.12:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Jackett
    location /jackett {
    proxy_pass http://192.168.0.12:9117;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

#Home Assistant Block
#Add entry in Cloudflare DNS ("CNAME home example.DynamicDNSProvider.com") to enable
# HTTPS virtual host for home.example.in; every location proxies to the
# service on 192.168.0.12:8123 over plain HTTP.
# NOTE(review): no auth_basic or allow/deny is visible here, so authentication
# is left to the backend unless an included file (not shown) adds it.
server {
  # The User-Agent filter is disabled for this host (commented out below).
  ##BlockedAgent
  #if ($blockedagent) {
  #      return 403;
  #}

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name home.example.in;
  #return 301 https://$host$request_uri;
  # Contents of conf.d are not shown; they are applied inside this server block.
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    #Home Assistant
    location / {
    proxy_pass http://192.168.0.12:8123/;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    # Connection is the fixed string "upgrade" here, not the $connection_upgrade
    # value produced by the map at the top of this file.
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Home Assistant Google Assistant Block
    location /api/google_assistant {
    proxy_pass http://192.168.0.12:8123;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Home Assistant API and Websocket
    location /api/websocket {
    proxy_pass http://192.168.0.12:8123/api/websocket;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Home Assistant Notifications Fix
    location /api/notify.html5/callback {
    # Rejects requests whose Authorization header is empty. The header's value
    # is not checked here, so validating it is left to the backend.
    if ($http_authorization = "") { return 403; }
    # No source-address restriction is applied to this location.
    allow all;
    proxy_pass http://192.168.0.12:8123;
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    }
}

#pfSense Block
#Add entry in Cloudflare DNS ("CNAME pfsense example.DynamicDNSProvider.com") to enable
# HTTPS virtual host for pfsense.example.in; proxies everything to the
# interface at https://192.168.0.1:443 behind HTTP basic auth.
# NOTE(review): this publishes a management interface through the reverse
# proxy; basic auth is the only gate visible at this layer, and it uses the
# same /etc/nginx/.htpasswd path as the other auth_basic blocks in this file.
server {
  #BlockedAgent
  # $blockedagent is not defined in this file; presumably it comes from
  # /etc/nginx/blockuseragents.rules -- verify. User-Agent is client-supplied.
  if ($blockedagent) {
        return 403;
  }

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name pfsense.example.in;
  #return 301 https://$host$request_uri;
  # Contents of conf.d are not shown; they are applied inside this server block.
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
          # Upstream is HTTPS. proxy_ssl_verify is off by default and is not
          # enabled in the lines shown, so the upstream certificate is not
          # validated unless an included file turns verification on.
          proxy_pass https://192.168.0.1:443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host forwards the client-supplied Host header as received.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        # Value comes from the map on $http_upgrade at the top of this file.
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }
}

#UniFi Controller Block
#Add entry in Cloudflare DNS ("CNAME unifi example.DynamicDNSProvider.com") to enable
# HTTPS virtual host for unifi.example.in; proxies everything to
# https://localhost:8443.
# NOTE(review): auth_basic is commented out in this block, so at this layer
# only the User-Agent filter applies; authentication is left to the upstream
# application unless an included file (not shown) adds it.
server {
  #BlockedAgent
  # $blockedagent is not defined in this file; presumably it comes from
  # /etc/nginx/blockuseragents.rules -- verify. User-Agent is client-supplied.
  if ($blockedagent) {
        return 403;
  }

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name unifi.example.in;
  #return 301 https://$host$request_uri;
  # Contents of conf.d are not shown; they are applied inside this server block.
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    location / {
        #auth_basic "Restricted";
          #auth_basic_user_file /etc/nginx/.htpasswd;
          # Upstream is HTTPS. proxy_ssl_verify is off by default and is not
          # enabled in the lines shown, so the upstream certificate is not
          # validated unless an included file turns verification on.
          proxy_pass https://localhost:8443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host forwards the client-supplied Host header as received.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        # Value comes from the map on $http_upgrade at the top of this file.
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }
}

#FreeNAS Block
#Add entry in Cloudflare DNS ("CNAME newton example.DynamicDNSProvider.com") to enable
# HTTPS virtual host for newton.example.in; proxies everything to the
# interface at https://192.168.0.10:443 behind HTTP basic auth.
# NOTE(review): this publishes a management interface through the reverse
# proxy; basic auth is the only gate visible at this layer, and it uses the
# same /etc/nginx/.htpasswd path as the other auth_basic blocks in this file.
server {
  #BlockedAgent
  # $blockedagent is not defined in this file; presumably it comes from
  # /etc/nginx/blockuseragents.rules -- verify. User-Agent is client-supplied.
  if ($blockedagent) {
        return 403;
  }

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name newton.example.in;
  #return 301 https://$host$request_uri;
  # Contents of conf.d are not shown; they are applied inside this server block.
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        # Upstream is HTTPS. proxy_ssl_verify is off by default and is not
        # enabled in the lines shown, so the upstream certificate is not
        # validated unless an included file turns verification on.
        proxy_pass https://192.168.0.10:443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host forwards the client-supplied Host header as received.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        # Value comes from the map on $http_upgrade at the top of this file.
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }
}

#IPMI Block
#Add entry in Cloudflare DNS ("CNAME ipmi example.DynamicDNSProvider.com") to enable
# HTTPS virtual host for ipmi.example.in; proxies everything to the
# interface at https://192.168.0.8:443 behind HTTP basic auth.
# NOTE(review): this publishes a management interface through the reverse
# proxy; basic auth is the only gate visible at this layer, and it uses the
# same /etc/nginx/.htpasswd path as the other auth_basic blocks in this file.
server {
  #BlockedAgent
  # $blockedagent is not defined in this file; presumably it comes from
  # /etc/nginx/blockuseragents.rules -- verify. User-Agent is client-supplied.
  if ($blockedagent) {
        return 403;
  }

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name ipmi.example.in;
  #return 301 https://$server_name$request_uri;
  # Contents of conf.d are not shown; they are applied inside this server block.
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        # Upstream is HTTPS. proxy_ssl_verify is off by default and is not
        # enabled in the lines shown, so the upstream certificate is not
        # validated unless an included file turns verification on.
        proxy_pass https://192.168.0.8:443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # $http_host forwards the client-supplied Host header as received.
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        # Value comes from the map on $http_upgrade at the top of this file.
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }
}

1 个答案:

答案 0 :(得分:0)

您的 map 指令写反了。您还需要将 ~* 移到正则表达式的引号之外。

map $http_user_agent $bad_bot {
    default 1; # This sets $bad_bot to 1 if nothing else matches
    "~*\bUptimeRobot/2.0\b" 0; # This sets $bad_bot to 0 if the regex matches
    # NOTE(review): in a map block the "~*" prefix is part of the source value,
    # and the nginx map documentation shows quoted regex values with the prefix
    # inside the quotes -- confirm against the nginx version in use.
}

因此,修复正则表达式之后,UptimeRobot 的 $bad_bot 为 0,其他所有访问者的 $bad_bot 为 1。

当大多数访问者的请求到达配置的这一部分时,结果就不妙了:

# Returns 403 whenever $bad_bot is non-empty and not "0". With a map whose
# default is 1, that covers every User-Agent except the one mapped to 0.
if ($bad_bot) { return 403; }