我有一个反向代理,Nginx 在端口 5000 上运行,我想将所有到达端口 5000 的请求重定向为 https 请求。
现在我收到错误:400 Bad Request 纯 HTTP 请求已发送到 HTTPS 端口
server {
listen 5000 ssl;
server_name myserver.com;
location / {
proxy_pass http://127.0.0.1:8080;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header Host $host:5000;
add_header 'Access-Control-Allow-Methods' 'GET, POST';
add_header 'Access-Control-Allow-Headers' 'Authorization, Content-Type';
add_header 'Access-Control-Allow-Credentials' 'true';
# here comes the basic auth, after the options part
auth_basic 'Restricted';
auth_basic_user_file path/to/.htpasswd;
}
ssl on;
ssl_certificate path/to/crt;
ssl_certificate_key path/to/key;
}
好吧,我尝试添加 …
我想将 NGINX 配置为作为其他微服务的反向代理。
我能够将请求从 NGINX 转发到其中一个微服务
如果我curl http://xx.xx.xx.xx:8080/打电话确实登陆了消费者门户但它使用默认位置配置/
当我评论1st块并配置相同的code位置/consumer-portal并执行操作时curl http://xx.xx.xx.xx:8080/consumer-portal
我得到:
无法获取/消费者门户
我有超过 10 个微服务,我想使用 NGINX 调用它们。
下面是我的nginx.conf文件
worker_processes 4;
events {
worker_connections 1024;
}
http {
sendfile on;
upstream consumer-portal {
server xx.xx.xx.xx:9006;
}
upstream publisher-portal {
server xx.xx.xx.xx:9001;
}
server {
listen 8080;
#1st Block
#location / {
# proxy_pass http://consumer-portal;
# proxy_redirect off;
# proxy_set_header Host $host;
# proxy_set_header X-Real-IP $remote_addr;
# proxy_set_header …nginx docker docker-machine nginx-location nginx-reverse-proxy
我正在尝试将多个位置传递给代理,但我根本无法使其工作。有人能指出我正确的方向吗?
这是我到目前为止:
location / {
try_files $uri $uri/ /index.html =404
gzip on;
}
location ~* ^/(login|callback|ph|ch|th) {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_cache_bypass $http_upgrade;
proxy_pass http://127.0.0.1:4002;
}
正如你可能知道的,我正在努力通过
/登录
/打回来
/ph
/ch
/th
到端口 4002 上的 localhost,但它没有通过它们?
编辑:如果有任何帮助。我认为我的前端劫持了路径位置?虽然不确定。
我是 Nginx 配置的新手,我有一个进程,它是一个快速应用程序,使用 pm2 在端口 3000 上运行,我也允许使用 ufw 端口 3000,并在 Nginx 上创建了一个服务器实例来代理它,
server {
# SSL configuration
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name .mysite.co;
location = /favicon.ico { access_log off; log_not_found off; }
location /static/ {
root /home/django/mysite;
}
proxy_cache mysite;
location / {
include proxy_params;
proxy_pass http://unix:/home/django/mysite/mysite.sock;
}
gzip_comp_level 3;
gzip_types text/plain text/css image/*;
ssl_certificate /etc/letsencrypt/live/mysite.co/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mysite.co/privkey.pem; # managed by Certbot
}
server {
if ($host = www.mysite.co) {
return 301 …问题
我在 Kong 错误日志中收到一条错误消息,报告上游服务器已超时。但我知道上游进程只花了一分钟,当它完成时(在 Kong 记录了错误之后)它会记录一个 java 错误“Broken Pipe”,这意味着 Kong 不再监听响应。
这是上游进程花费的时间超过 60 秒时的行为。在某些情况下,只需不到 60 秒,一切正常。
如何延长 Kong 的超时时间?
细节
金刚版
1.1.2
Kong的错误信息(略有编辑):
2019/12/06 09:57:10 [error] 1421#0: *1377 upstream timed out (110: Connection timed out) while reading response header from upstream, client: xyz.xyz.xyz.xyz, server: kong, request: "POST /api/...... HTTP/1.1", upstream: "http://127.0.0.1:8010/api/.....", host: "xyz.xyz.com"
这是上游服务器日志中的错误(Java / Tomcat via SpringBoot)
Dec 06 09:57:23 gateway-gw001-99 java[319]: org.apache.catalina.connector.ClientAbortException: java.io.IOException: Broken pipe
Dec 06 09:57:23 gateway-gw001-99 java[319]: at org.apache.catalina.connector.OutputBuffer.realWriteBytes(OutputBuffer.java:364) ~[tomcat-embed-core-8.5.42.jar!/
Dec 06 09:57:23 gateway-gw001-99 java[319]: …我已经在 StackOverflow 中搜索了我的问题,但我似乎总是遇到502 Bad GatewayNginx Docker 配置问题。我正在尝试pgadmin4使用我的域进行访问mydomain.com/pgadmin,而不是它的 docker 容器暴露的端口在mydomain.com:8060哪里。8060我的docker-compose.yml文件如下所示:
version: '3.5'
services:
reverse-proxy:
image: nginx:1.19.6
restart: always
ports:
- "80:80"
- "443:443"
postgres:
image: postgres:12
ports:
- "5432:5432"
pgadmin:
image: dpage/pgadmin4
depends_on:
- postgres
ports:
- "8060:80"
networks:
default:
external:
name: defaultnetwork
我的 nginx 容器的文件default.conf如下所示:
upstream pgadmin {
server 127.0.0.1:8060;
}
server {
listen 80;
listen [::]:80;
server_name mydomain.com;
root /usr/share/nginx/html;
index index.html index.htm;
location /pgadmin …我正在尝试使用 nginx 在反向代理后面设置一个 keycloak 实例,我几乎做到了。
我的(部分)docker-compose:
version: '3.4'
services:
[...]
keycloak:
image: jboss/keycloak
environment:
- DB_VENDOR=[vendor]
- DB_USER=[user]
- DB_PASSWORD=[password]
- DB_ADDR=[dbaddr]
- DB_DATABASE=[dbname]
- KEYCLOAK_USER=[adminuser]
- KEYCLOAK_PASSWORD=[adminpassword]
- KEYCLOAK_IMPORT=/tmp/my-realm.json
- KEYCLOAK_FRONTEND_URL=https://auth.mydomain.blah/auth
- PROXY_ADDRESS_FORWARDING=true
- REDIRECT_SOCKET=proxy-https
[...]
我的 nginxconf 只是
server {
listen 443 ssl;
server_name auth.mydomain.blah;
ssl_certificate /etc/letsencrypt/live/auth.mydomain.blah/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/auth.mydomain.blah/privkey.pem;
location / {
proxy_pass http://keycloak:8080;
}
}
它有效,我可以访问 keycloakhttps://auth.mydomain.blah/auth 但当我查看时https://auth.mydomain.blah/auth/realms/campi/.well-known/openid-configuration我得到了这个:
{
"issuer": "https://auth.mydomain.blah/auth/realms/campi",
"authorization_endpoint": "https://auth.mydomain.blah/auth/realms/campi/protocol/openid-connect/auth",
"token_endpoint": "http://keycloak:8080/auth/realms/campi/protocol/openid-connect/token",
"introspection_endpoint": "http://keycloak:8080/auth/realms/campi/protocol/openid-connect/token/introspect",
"userinfo_endpoint": "http://keycloak:8080/auth/realms/campi/protocol/openid-connect/userinfo",
"end_session_endpoint": "https://auth.mydomain.blah/auth/realms/campi/protocol/openid-connect/logout",
"jwks_uri": "http://keycloak:8080/auth/realms/campi/protocol/openid-connect/certs", …我有一个反应前端和节点后端,由于某种原因它不会向后端发出正确的请求。
nginx给出的错误日志
111: Connection refused) while connecting to upstream, server: _, request: "GET /api/info HTTP/1.1", upstream: "http://127.0.0.1:5000/info"
我注意到它提出了错误的请求,因为http://127.0.0.1:5000/info应该是http://127.0.0.1:5000/api/info
我的默认配置
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/{{AppName}}/frontend/build;
server_name {{myDomainName}};
location / {
try_files $uri $uri/ =404;
}
location /api/ {
proxy_pass http://localhost:5000/;
}
当我访问我的网站时,它只是显示错误 404
我正在尝试创建一个 https 地址的 proxy_pass (我的 nginx 使用纯 HTTP 协议在 80 下运行)。
这是我在conf文件中的声明:
location /viacep/ {
proxy_pass https://viacep.com.br/;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
好吧,这个想法是,当我输入时,localhost/viacep/ws/09340400/json我在引擎盖下得到了以下地址解析: https: //viacep.com.br/ws/09340400/json。但我在 error.log 文件中收到以下错误:
2021/12/28 09:32:59 [error] 34664#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 127.0.0.1, server: , request: "GET /viacep/ws/09540400/json HTTP/1.1", upstream: "https://165.227.126.241:443/ws/09540400/json", host: "localhost"
我想这个错误是由于地址解析(https://165.227.126.241:443/ws/09540400/json)而发生的,使用IP而不是DNS查看它。
编辑1
我尝试添加proxy_ssl_server_name on;但同样的错误。
最近我安装了 Jenkins 服务器,并想将其隐藏在 Nginx 代理后面。我的 Nginx 代理工作正常,我阅读了限制 Jenkins 的内容,127.0.0.1:8080因此,我编辑了配置文件/etc/default/jenkins并添加了以下代码行:
JENKINS_ARGS="--webroot=/var/cache/$NAME/war --httpPort=8080 --httpListenAddress=127.0.0.1"
重新启动詹金斯后,我仍然可以访问端口上的詹金斯8080
环境:
乌班图20.04
OpenJDK 11
詹金斯2.332.1
网络统计输出:
sudo netstat -plnt
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 2313/java
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 970/nginx: master p
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN 708/systemd-resolve
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 946/sshd: /usr/sbin
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 757/cupsd …一直致力于设置 JFrog Container Repository 并且遇到了设置 Docker Repository Ports 的问题。
我已经完成并将 Nginx 设置为反向代理,并生成了一个工作站点可用的 conf 文件
## add ssl entries when https has been set in config
ssl_certificate /etc/nginx/ssl/secret.crt;
ssl_certificate_key /etc/nginx/ssl/secret.key;
ssl_session_cache shared:SSL:1m;
ssl_prefer_server_ciphers on;
## server configuration
server {
listen 443 ssl;
listen 80 ;
server_name subdomain.domain.com;
if ($http_x_forwarded_proto = '') {
set $http_x_forwarded_proto $scheme;
}
## Application specific logs
## access_log /var/log/nginx/artifactory.jfrog.com-access.log timing;
## error_log /var/log/nginx/artifactory.jfrog.com-error.log;
rewrite ^/$ /artifactory/webapp/ redirect;
rewrite ^/artifactory/?(/webapp)?$ /artifactory/webapp/ redirect;
chunked_transfer_encoding on;
client_max_body_size 0;
location / …尝试配置 Nginx 有两个目的:
由于我们使用默认配置和镜像指令时遇到了非常低的性能,因此我们决定尝试使用反向代理来检查是否对服务器有影响,并且确实看起来 nginx 将流量限制了几乎一半(我们正在使用 Locust和 Jmeter 作为加载工具)
Nginx 版本:1.19.4
尝试了10 个提高 10 倍应用程序性能的技巧并调整 NGINX 性能, 但没有效果。运行 nginx 和 tomcat 的机器应该足够强大(EC2 c5.4XLarge),我们没有看到资源缺乏,但网络上限更多。TIME_WAIT 连接数非常高 (20k-40k)
从机器角度:
Nginx视角(之后添加nginx.conf):
nginx.conf:
user nginx;
worker_processes 10;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
worker_rlimit_nofile 100000;
events {
worker_connections 3000;
}
http {
include /etc/nginx/mime.types;
default_type …nginx performance-testing tomcat7 centos7 nginx-reverse-proxy