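Too many redirects with Nginx and Varnish

Time: 2018-10-25 11:00:38

Tags: nginx https varnish

I am using a Varnish cache server together with nginx. I am trying to redirect from http to https. I wrote the config for redirecting http to https in the Varnish server.

default.vcl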

sub vcl_recv {
    if (client.ip != "127.0.0.1" && req.http.host ~ "groundforce.cloud") {
        set req.http.x-redir = "https://groundforce.cloud" + req.url;
        return (synth(850, ""));
    }
}

sub vcl_synth {
    if (resp.status == 850) {
        set resp.http.Location = req.http.x-redir;
        set resp.status = 302;
        return (deliver);
    }
}

My nginx config file:

server {
   listen  443 ssl;
   listen  [::]:443 ssl;
   server_name  my_server;
   port_in_redirect off;

   ssl                  on;
   ssl_certificate      /etc/ssl/my_server.crt;
   ssl_certificate_key  /etc/ssl/my_server.key;

   ssl_session_cache   shared:SSL:20m;
   ssl_session_timeout 60m;

   add_header Strict-Transport-Security "max-age=31536000";
   add_header X-Content-Type-Options nosniff;

   location / {
     proxy_pass http://127.0.0.1:80;
     proxy_set_header Host $http_host;
     proxy_set_header X-Forwarded-Host $http_host;
     proxy_set_header X-Real-IP $remote_addr;
     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
     proxy_set_header X-Forwarded-Proto https;
     proxy_set_header HTTPS "on";
     }
}

server {
   listen 8080;
   listen [::]:8080;
   server_name  my_server;
   root /var/www/html;
   index index.php;
   port_in_redirect off;

   location / {
      try_files $uri $uri/ /index.php?$args;
   }

   location ~ \.php$ {
       try_files $uri =404;
       fastcgi_split_path_info ^(.+\.php)(/.+)$;
       include fastcgi_params;
       fastcgi_index index.php;
       fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
       fastcgi_param HTTPS on;
       fastcgi_pass unix:/var/run/php7.0-fpm.sock;
   }
}

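Note: I removed the default.vcl code above, and then both http and https work fine. I followed this

1 answer:

Answer 0: (score: 0)

Related information: https://info.varnish-software.com/blog/rewriting-urls-with-varnish-redirection (i.e., use the PROXY protocol if you can, and have support for it).

This looks like an infinite loop, probably because the requests from nginx do not come from exactly 127.0.0.1, so client.ip != "127.0.0.1" is true.

Try looking at varnishlog to see what client.ip actually is, or just add it to the response headers in vcl_synth and check its value with curl -v https://groundforce.cloud/ (or any other method you are comfortable with).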
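Added example, not part of the original question or answer: a VCL fragment that applies the diagnostic described above by exposing the address Varnish sees in the synthetic redirect, and matches the TLS terminator with an ACL instead of a single string. The ACL name `tls_terminator`, the header name `X-Debug-Client-IP`, and the idea that the proxy may arrive from another loopback address such as `::1` are assumptions for illustration.

```vcl
# Fragment to merge into default.vcl (backend definition omitted).

# Assumption: nginx terminates TLS on the same host and reaches Varnish
# over loopback. List every address it may connect from, not only 127.0.0.1.
acl tls_terminator {
    "127.0.0.0"/8;
    "::1";
}

sub vcl_recv {
    # Redirect only requests that did NOT arrive through the local TLS
    # terminator; requests proxied by nginx are already HTTPS at the edge.
    if (client.ip !~ tls_terminator && req.http.host ~ "groundforce.cloud") {
        set req.http.x-redir = "https://groundforce.cloud" + req.url;
        return (synth(850, ""));
    }
}

sub vcl_synth {
    if (resp.status == 850) {
        set resp.http.Location = req.http.x-redir;
        # Diagnostic only: shows which address Varnish attributed the
        # request to. Remove once the loop is understood, since it
        # discloses internal addressing to every redirected client.
        set resp.http.X-Debug-Client-IP = client.ip;
        set resp.status = 302;
        return (deliver);
    }
}
```

If `curl -v https://groundforce.cloud/` returns a 302 carrying `X-Debug-Client-IP`, the value shown is the address that failed the loopback match and needs to be accounted for in the ACL or in the proxy setup.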