翼手龙的Nginx反向代理问题

问题描述 投票:1回答:1

[我一直在尝试使用nginx的proxy_pass创建专用的VM来充当反向代理,以将流量路由到另一台运行了带有Nginx的翼手龙的主机。

我还根据运行反向代理的要求在.env配置中设置了以下内容:TRUSTED_PROXIES = 192.168.10.11(我的代理虚拟机)(请参阅应用程序文档)

在运行代理的虚拟机(192.168.10.11)上,我具有以下配置:如果使用第一个配置,则只需重置连接即可。

server {
  listen 80;
  listen [::]:80;

  server_name example.com;

  location / {
      proxy_pass http://192.168.10.30/;
  }
}

如果我使用ssl进行重定向,则会收到“ err_to_many_redirects”。

server {

  server_name gsp.networkgamez.com;

  location / {
      proxy_pass http://192.168.10.30/;
  }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


  listen 80;
  listen [::]:80;

  server_name example.com;
    return 404; # managed by Certbot


}

在VM上运行第二个带有翼手龙的nginx实例(192.168.10.30)时,我拥有的配置是文档https://pterodactyl.io/panel/webserver_configuration.html#nginx中的默认nginx配置设置(显然,域标记已更改为我的域)

server_tokens off;

server {
    listen 80;
    server_name <domain>;
    return 301 https://$server_name$request_uri;
}

server {
    listen 443 ssl http2;
    server_name <domain>;

    root /var/www/pterodactyl/public;
    index index.php;

    access_log /var/log/nginx/pterodactyl.app-access.log;
    error_log  /var/log/nginx/pterodactyl.app-error.log error;

    # allow larger file uploads and longer script runtimes
    client_max_body_size 100m;
    client_body_timeout 120s;

    sendfile off;

    # SSL Configuration
    ssl_certificate /etc/letsencrypt/live/<domain>/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/<domain>/privkey.pem;
    ssl_session_cache shared:SSL:10m;
    ssl_protocols TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256';
    ssl_prefer_server_ciphers on;

    # See https://hstspreload.org/ before uncommenting the line below.
    # add_header Strict-Transport-Security "max-age=15768000; preload;";
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Robots-Tag none;
    add_header Content-Security-Policy "frame-ancestors 'self'";
    add_header X-Frame-Options DENY;
    add_header Referrer-Policy same-origin;

    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        include fastcgi_params;
        fastcgi_param PHP_VALUE "upload_max_filesize = 100M \n post_max_size=100M";
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_param HTTP_PROXY "";
        fastcgi_intercept_errors off;
        fastcgi_buffer_size 16k;
        fastcgi_buffers 4 16k;
        fastcgi_connect_timeout 300;
        fastcgi_send_timeout 300;
        fastcgi_read_timeout 300;
        include /etc/nginx/fastcgi_params;
    }

    location ~ /\.ht {
        deny all;
    }
}

有人知道这可能是什么造成的吗?我一直在跟踪nginx访问和错误日​​志,但它并没有生成任何内容。

提前感谢!

nginx proxy reverse-proxy
1个回答
0
投票

通过在proxypass函数中包含https来解决

示例:

proxy_pass https://192.168.10.30/;
© www.soinside.com 2019 - 2024. All rights reserved.