我将 nginx 设置为许多虚拟主机的反向代理,总体运行良好,只有其中一个虚拟主机有问题。
它能正确地把请求代理到实际服务器,但只有部分图像能加载,其余的加载不了。请注意,反向代理是 nginx,而 Web 服务由 apache 托管。
这是
error.log
2023/12/13 11:20:25 [error] 1323621#1323621: *402 open() "/usr/share/nginx/html/wp-content/uploads/2018/11/oslo.jpg" failed (2: No such file or directory), client: 192.168.49.10, server: www.my-site, request: "GET /wp-content/uploads/2018/11/oslo.jpg HTTP/1.1", host: "www.my-site", referrer: "www.my-site/"
##################
## plain http
##################
server {
# Plain-HTTP virtual host: every request is answered with a permanent redirect to HTTPS.
listen 80;
# NOTE(review): this name is "gwww.my-site" while the HTTPS block uses "www.my-site".
# Because the redirect below is built from $server_name, clients would be sent to
# https://gwww.my-site/... -- possibly a typo or redaction artifact; confirm.
server_name gwww.my-site;
return 301 https://$server_name$request_uri;
}
##################
## cyphered https
##################
server {
# HTTPS virtual host for www.my-site: terminates TLS and forwards "location /" to the
# backend named in proxy_pass.
# No "root" directive appears in this block as posted, so any location that serves
# files itself uses the default root; the error.log line quoted above shows
# /usr/share/nginx/html.
# SRV NAME
listen 443 ssl;
server_name www.my-site;
# TLS
ssl_certificate /etc/ssl/websites/www.my-site.crt;
ssl_certificate_key /etc/ssl/websites/www.my-site.key;
# NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996). Every suite in ssl_ciphers
# below is a TLS 1.2 AEAD suite, so the old versions add exposure without adding usable
# compatibility. Prefer: ssl_protocols TLSv1.2 TLSv1.3;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3;
# DHE-* suites are only offered when ssl_dhparam is configured; none is visible here.
ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/www.my-site.access.log;
error_log /var/log/nginx/www.my-site.error.log;
# IP based access management
# (disabled: the three lines below are commented out, so no address filter applies to the site)
#IP_CHECKallow 109.115.186.2;
#IP_CHECKallow 192.168.49.0/24;
#IP_CHECKdeny all;
# OCSP stapling
# NOTE(review): ssl_stapling_verify needs the issuer chain via ssl_trusted_certificate, and
# stapling needs a "resolver" to reach the OCSP responder. Neither appears in this block;
# confirm they are set at http level.
ssl_stapling on;
ssl_stapling_verify on;
# CORS
# (disabled) NOTE(review): if re-enabled as written, add_header is not permitted inside an
# "if" at server level (only "if in location"), and the wildcard origin '*' would let any
# site read these responses -- scope it to the origins that actually need access.
#CORSif ($request_method = 'OPTIONS') {
#CORS add_header 'Access-Control-Allow-Origin' '*';
#CORS add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
# Custom headers and headers various browsers *should* be OK with but aren't
#CORS add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range';
#
# Tell client that this pre-flight info is valid for 20 days
#
#CORS add_header 'Access-Control-Max-Age' 1728000;
#CORS add_header 'Content-Type' 'text/plain; charset=utf-8';
#CORS add_header 'Content-Length' 0;
#CORS return 204;
#CORS}
#CORSif ($request_method = 'POST') {
#CORS add_header 'Access-Control-Allow-Origin' '*' always;
#CORS add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
#CORS add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
#CORS add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
#CORS}
#CORSif ($request_method = 'GET') {
#CORS add_header 'Access-Control-Allow-Origin' '*' always;
#CORS add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always;
#CORS add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range' always;
#CORS add_header 'Access-Control-Expose-Headers' 'Content-Length,Content-Range' always;
#CORS}
# Security Headers
# NOTE(review): add_header directives are inherited by a location only when that location
# defines no add_header of its own. "location = /robots.txt" below has one, so none of the
# headers in this section are sent for it.
# NOTE(review): without the "always" flag nginx omits a header on error responses (4xx/5xx);
# only the HSTS line below carries it.
# fastcgi_hide_header only affects responses that come from fastcgi_pass; for the proxied
# backend the equivalent is proxy_hide_header.
fastcgi_hide_header X-Powered-By;
add_header X-Content-Type-Options nosniff;
# Legacy header that current browsers ignore; the Content-Security-Policy below is the
# effective control.
add_header X-XSS-Protection "1; mode=block";
# NOTE(review): this emits an extra Set-Cookie header with no name=value pair. It does not
# add HttpOnly/Secure to the cookies the backend sets. To flag backend cookies use
# proxy_cookie_flags (nginx 1.19.3+) or set the flags in the application.
add_header Set-Cookie "Path=/; HttpOnly; Secure";
add_header Cache-Control 'no-store, no-cache';
# config to enable HSTS(HTTP Strict Transport Security)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# No img-src is listed, so images fall back to default-src 'self'.
# NOTE(review): the page markup quoted further down references both www.greencharge2020.eu
# and greencharge2020.eu; an image host that differs from the page's origin would be blocked
# by the browser under this policy -- check the browser console.
add_header Content-Security-Policy "script-src 'self' *.youtube.com maps.gstatic.com *.googleapis.com *.google-analytics.com cdnjs.cloudflare.com assets.zendesk.com connect.facebook.net; frame-src 'self' *.youtube.com assets.zendesk.com *.facebook.com s-static.ak.facebook.com tautt.zendesk.com; object-src 'self'; default-src 'self'; frame-ancestors 'self'; form-action 'self'";
# header and cache expiration
expires epoch;
# security
# (disabled: HTTP basic authentication is commented out)
#Autenticazioneauth_basic "Authentication required";
#Autenticazioneauth_basic_user_file /etc/nginx/.htpasswd;
# Default prefix location: forwards the request to the backend over HTTPS.
location / {
proxy_pass https://www.my-site.portals/;
# $http_host is the Host header exactly as the client sent it; $host is the normalized form.
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 900;
# NOTE(review): with verification off the hop to the backend is encrypted but not
# authenticated, so anything able to intercept that connection can impersonate the backend.
# The trusted-certificate and verify-depth settings below only take effect with
# "proxy_ssl_verify on".
proxy_ssl_verify off;
# NOTE(review): the next line is truncated as posted -- no file name and no terminating ";".
# nginx would reject the configuration in this form; presumably lost when the post was redacted.
proxy_ssl_trusted_certificate /etc/ssl/websites/
proxy_ssl_verify_depth 2;
proxy_ssl_session_reuse on;
proxy_ssl_name $proxy_host;
}
#location ~* \.(?:cgi|shtml|phtml|php)$ {
# add_header Cache-Control "public";
# client_max_body_size 0;
# chunked_transfer_encoding on;
# }
# Regex locations are checked before the prefix "location /" is used, so requests with these
# extensions are handled here. The block contains no proxy_pass, so nginx looks for the file
# on the local disk under the effective root; this matches the open() failure for oslo.jpg
# in the error.log above.
location ~* \.(?:woff|woff2|ico|pdf|flv|jpg|jpeg|png|gif|js|css|gz|swf|txt)$ { # testare!!
access_log off;
}
# CGI
# location /cgi-bin/ {
# gzip off;
# root /usr/lib;
# fastcgi_pass unix:/var/run/fcgiwrap.socket;
# include ./fastcgi_params;
# fastcgi_param SCRIPT_FILENAME /usr/lib$fastcgi_script_name;
# }
# Requests whose path contains ".php" are sent to a FastCGI backend from here, not to the
# proxied server in "location /".
location ~ [^/]\.php(/|$) {
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
# Returns 404 unless the script exists on disk, so a path that merely ends in ".php/..."
# is never handed to PHP.
# NOTE(review): $document_root is the effective root; no "root" is set in this server block.
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
# Mitigate https://httpoxy.org/ vulnerabilities
fastcgi_param HTTP_PROXY "";
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
# include the fastcgi_param setting
include fastcgi_params;
# SCRIPT_FILENAME parameter is used for PHP FPM determining
# the script name. If it is not set in fastcgi_params file,
# i.e. /etc/nginx/fastcgi_params or in the parent contexts,
# please comment off following line:
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
# Restricts the login script to one address range.
# NOTE(review): in this pattern "\w" is the word-character class and "." is unescaped, so it
# matches more than the literal file name; "/wp-login\.php$" looks like the intent.
# allow/deny compare against the connecting address, so confirm no other proxy sits in front.
location ~ \wp-login.php$ {
allow 192.168.0.0/16;
deny all;
include fastcgi.conf;
fastcgi_intercept_errors on;
fastcgi_pass unix:/var/run/appname.sock;
}
include fastcgi.conf;
fastcgi_intercept_errors on;
#fastcgi_pass unix:/var/run/appname.sock;
}
# Answers /robots.txt directly with a body that disallows all crawling.
# NOTE(review): add_header adds a second Content-Type next to the one nginx derives from
# default_type; "default_type text/plain;" is the usual way to set it. This add_header also
# stops the server-level security headers from being inherited for this location.
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}
这些资源都存在于服务器的文件系统上,但服务器能找到第一个资源,却找不到第二个。
root@wp-02:/var/www/dstorewp02/www3/www.my-site.# ls wp-content/uploads/2022/01/flag.png
wp-content/uploads/2022/01/flag.png
root@wp-02:/var/www/dstorewp02/www3/www.my-site.# ls wp-content/uploads/2018/11/oslo.jpg
wp-content/uploads/2018/11/oslo.jpg
在页面代码中它们的调用方式如下:
<img usemap="#flags" alt="flags" src="https://www.greencharge2020.eu/wp-content/uploads/2022/01/flag.png"
style="z-index: 5;"><img src="https://www.greencharge2020.eu/wp-content/plugins/revslider/admin/assets/images/dummy.png" alt="" data-ww="['1427px','1427px','1427px','717px']" data-hh="['855px','855px','855px','430px']" data-lazyload="https://greencharge2020.eu/wp-content/uploads/2018/11/oslo.jpg" data-no-retina> </div>
有什么提示吗?
我希望反向代理能够正常工作,找到内容。
如果您的静态文件位于
/var/www/dstorewp02/www3/www.my-site.
中,则使用 root
指令告诉它。
然后您必须把到门户的代理配置移到命名位置(named location)
@portals
中。
使用
location /
告诉nginx尝试访问您提供的路径中的静态文件,如果文件不存在则尝试询问@portals
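# Serve a request from local disk when the file exists under the site root;
# otherwise hand it to the backend through the named location @portals.
# NOTE(review): nginx does not read Apache .htaccess rules, so every file present under
# this root (backups, dotfiles, uploads) is served as-is unless a location denies it.
# Confirm that this directory exists on the nginx host and holds only public files.
root /var/www/dstorewp02/www3/www.my-site.;

location / {
    try_files $uri @portals;
}

location @portals {
    # No URI part (no trailing "/") here: nginx rejects proxy_pass with a URI inside a
    # named location, and the original request URI is forwarded unchanged anyway.
    proxy_pass https://www.my-site.portals;

    proxy_set_header Host $http_host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Host $host:$server_port;
    proxy_set_header X-Forwarded-Server $host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout 900;

    # Authenticate the backend, not just encrypt the hop: with verification off, anything
    # able to intercept the proxy-to-backend connection can impersonate the backend.
    proxy_ssl_verify on;
    # The posted line was truncated (directory only, no ";"). Replace the placeholder file
    # name with the CA bundle that issued the backend certificate.
    proxy_ssl_trusted_certificate /etc/ssl/websites/BACKEND_CA_BUNDLE_PLACEHOLDER.pem;
    proxy_ssl_verify_depth 2;
    proxy_ssl_session_reuse on;
    # Name the backend certificate is checked against (the host part of proxy_pass).
    proxy_ssl_name $proxy_host;
}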