nginx反向代理重定向到内部IP地址

时间:2021-01-08 06:12:52

标签: apache nginx nextcloud

我有一个 nginx 作为反向代理服务器和 apache 来服务器 nextcloudpi Web 应用程序。

我有以下 nginx 配置

server {

server_name drive.example.com;

location / {
proxy_pass http://192.168.0.7/;
proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
}

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/drive.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/drive.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = drive.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


listen 80;
listen [::]:80;

server_name drive.example.com;
    return 404; # managed by Certbot


}

以下为 apache 配置

<IfModule mod_ssl.c>
  <VirtualHost _default_:443>
    DocumentRoot /var/www/nextcloud
ServerName drive.example.com
    CustomLog /var/log/apache2/nc-access.log combined
    ErrorLog  /var/log/apache2/nc-error.log
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/drive.example.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/drive.example.com/privkey.pem
  </VirtualHost>
  <Directory /var/www/nextcloud/>
    Options +FollowSymlinks
    AllowOverride All
    <IfModule mod_dav.c>
      Dav off
    </IfModule>
    LimitRequestBody 0
    SSLRenegBufferSize 10486000
  </Directory>
</IfModule>

注意:以前,我使用 apache 作为互联网的直接前端,现在我想使用 nginx 作为前端,而 apache 仍然作为 Web 应用程序服务器

如果我可以在不重定向到内部 IP 地址的情况下访问 drive.example.com,是否有任何帮助?

谢谢。

1 个答案:

答案 0 :(得分:0)

您似乎需要禁用代理重定向标头,尝试更改和更新 nginx(反向代理)的配置文件,这将确保您的 nginx 作为 运行apache 服务器和 客户端 之间的中间人,(而不是 nginx 只是通过重定向将客户端卸载到 apache 服务器,而不是充当中间人人):

server {
listen 80;
listen [::]:80; # if you're not using ipv6 do remove this line.    
server_name drive.example.com;

location / {
    proxy_redirect              off;
    proxy_read_timeout          1m;
    proxy_connect_timeout       1m;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;    
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
    proxy_pass http://192.168.0.7/;    
}

    listen [::]:443 ssl; # if you're not using ipb6 do remove this line
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/drive.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/drive.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = drive.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot




server_name drive.example.com;
    return 404; # managed by Certbot   
}
相关问题
最新问题