1. 首頁
  2. 問答
  3. Nginx - 上游重定向不起作用

Nginx - 上游重定向不起作用

2017-03-07 324 views
1

希望有人能指出我的配置失敗。Nginx - 上游重定向不起作用

我有一個問題,我的上游重定向不工作,因爲它應該(必須是配置問題),它從https重定向到http,我目前沒有運行。很明顯,我需要我的https服務器只提供安全的流量,而不是重定向到http。

這是我收到我的瀏覽器吧: http://nginx.dev1.whispir.net/tmpl/home.tmpl#!/web_com/View_Workspace?rd=1307

但我需要它去上游通過https。

在瀏覽器的調試我看到: GET http://nginx.dev1.whispir.net/tmpl/home.tmpl網:: ERR_CONNECTION_REFUSED

無法捉摸爲什麼它是創下80端口 我已經關閉HTTP端口80,因爲我需要工作的HTTPS 。 我希望有人能幫助我,讓我瘋狂。

感謝您的期待。

這是我對443端口

upstream HttpsMainWorker { 
     # Sticky session 
     ip_hash; 

    server 10.1.161.59:8080; 
    server 10.1.161.56:8080; 
} 

upstream HttpsReportWorker { 
     # Sticky session 
     ip_hash; 

    server 10.1.161.64:8080; 
} 

upstream HttpsApiWorker { 
     # Sticky session 
     ip_hash; 

    server 10.1.161.51:8080; 
} 

server { 
    listen    443 ssl; 
    server_name   nginx.dev1.whispir.net; 
    keepalive_timeout 70; 


    ssl on; 
    ssl_certificate   /etc/nginx/certs/2016/61d2d567aece769c.crt; 
    ssl_certificate_key  /etc/nginx/certs/2016/wildcard.dev1.whispir.netclear.pem; 
    ssl_session_timeout  5m; 

    ssl_protocols TLSv1 TLSv1.1 TLSv1.2; 
    ssl_ciphers  ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv3:+EXP; 
    ssl_prefer_server_ciphers on; 

    access_log   /var/log/nginx/app17web/access.log main; 
    error_log   /var/log/nginx/app17web/error.log debug; 

    root    /data/htdocs/app17web.dev1.whispir.net; 
    index index.jsp; 

    rewrite_log on; 
    location ~* \.(?:ico|css|js|gif|jpe?g|png|pdf)$ { 
    expires 1d; 
    add_header Pragma public; 
    add_header Cache-Control "public"; 
    } 

    error_page 401  /401.html; 
    error_page 403  /403.html; 
    error_page 500 502 /500.html; 
    error_page 503  /503.html; 
    error_page 400 404  /404.html; 
    location = /404.html { 
     internal; 
    } 

    error_page 500 502 503 /50x.html; 
     location = /50x.html { 
      root html; 
     } 

    location /{ 
    try_files $uri @backend; 
    } 



location @backend { 
    proxy_pass http://HttpsMainWorker; 
    proxy_set_header Host $host; 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header X-Forwarded-Proto $scheme; 
    } 

    location ~ \.jsp$ { 
     proxy_pass      http://HttpsMainWorker; 
     proxy_next_upstream    error timeout invalid_header http_500; 
     proxy_connect_timeout 5s; 

    } 


    location /ivr/ivrRequest.ivr { 
     proxy_pass      http://HttpsMainWorker; 
     proxy_next_upstream    error timeout invalid_header http_500; 
     proxy_connect_timeout 5s; 

    } 

    location /app/cfu/* { 
     proxy_pass      http://HttpsMainWorker; 
     proxy_next_upstream    error timeout invalid_header http_500; 
     proxy_connect_timeout 5s; 

    } 

    location /tmpl/* { 
     proxy_pass      http://HttpsMainWorker; 
     proxy_next_upstream    error timeout invalid_header http_500; 
     proxy_connect_timeout 5s; 

    }

來源

2017-03-07 glfab

回答

0

最有可能的上游應用程序(端口8080上運行)時發出重定向當前的配置。要麼需要將其配置爲在重定向中使用https,要麼需要通知前端連接已通過https

您的配置爲此目的插入標頭X-Forwarded-Proto,但僅限於locations之一。

proxy_set_header指令從外塊繼承,僅當沒有其它proxy_set_header指令是在location設置。

所以,要麼添加proxy_set_header X-Forwarded-Proto $scheme;聲明爲每個受影響的location塊,或移動所有proxy_set_header指令到server塊範圍。

例如:

proxy_set_header Host $host; 
proxy_set_header X-Real-IP $remote_addr; 
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
proxy_set_header X-Forwarded-Proto $scheme; 

location @backend { 
    proxy_pass http://HttpsMainWorker; 
} 
location ~ \.jsp$ { 
    proxy_pass      http://HttpsMainWorker; 
    proxy_next_upstream    error timeout invalid_header http_500; 
    proxy_connect_timeout 5s; 
} 
location /ivr/ivrRequest.ivr { 
    proxy_pass      http://HttpsMainWorker; 
    proxy_next_upstream    error timeout invalid_header http_500; 
    proxy_connect_timeout 5s; 
} 
location /app/cfu/* { 
    proxy_pass      http://HttpsMainWorker; 
    proxy_next_upstream    error timeout invalid_header http_500; 
    proxy_connect_timeout 5s; 
} 
location /tmpl/* { 
    proxy_pass      http://HttpsMainWorker; 
    proxy_next_upstream    error timeout invalid_header http_500; 
    proxy_connect_timeout 5s; 
}

詳見this document

來源

2017-03-07 09:12:29

+0

嗨理查德,感謝您的快速反應,它像一個魅力,非常感謝這一點。十分感謝。 – glfab

 相關問題

  • 暫無相關問題^_^