NextCloud 和 Guacamole 采用相同的反向代理

tag-icon tag-icon networking proxy nginx guacamole
NextCloud 和 Guacamole 采用相同的反向代理

我有 3 台服务器运行在 3 个独立的虚拟机上。一台处理域请求和反向代理,另外两台处理反向代理并添加 SSL 加密。第一台服务运行 NextCloud(PHP-FPM 7、Nginx、MariaDB),第二台运行 Guacamole(Jetty、Guacd、MySQL)。这两项服务独立运行,没有问题。每项服务都可以反向代理,没有问题。我已按照两家提供商的说明根据需要配置反向代理。

当我尝试从同一个 nginx 反向代理提供这两项服务时(以便正确路由 guac.domain.com 和 cloud.domain.com),Guacamole 服务仍然可访问,但 NextCloud 停止响应并仅返回 502 错误。如果我关闭 Guacamole 浏览器窗口几分钟,云将再次可访问。我看不到任何日志文件中指向问题的内容(网关超时除外)

反向代理配置如下:

worker_processes 2;

events {
    worker_connections 1024;
}

http {
    include mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    access_log logs/access.log main;
    error_log /var/log/nginxerror.log warn;
    sendfile off;
    keepalive_timeout 65;
    gzip off;
    server_tokens off;

#default for non-configured domains and IP address
    server {
        return 404;
    }


    include /usr/local/etc/nginx/nginx-sites/*.conf;

}

/usr/local/etc/nginx/nginx-sites/*.conf 包含两个配置:

NextCloud 代理:

server {
    server_name cloud.domain.com;
    listen 80; 
#redirect visitors to the HTTPS version of the site
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    server_name cloud.domain.com;
    listen 443 ssl;

    #### unimportant SSL config

    access_log            /var/log/nginx/cloud.access.log;

    location / {
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://172.16.1.108;
        #proxy_read_timeout  90;
    }
}

鳄梨酱代理:

server {
    server_name guac.domain.com;
    listen 80;
#redirect visitors to the HTTPS version of the site
    location / {
        return 301 https://$server_name$request_uri;
    }
}

server {
    server_name guac.domain.com;
    listen 443 ssl;

    #### unimportant SSL config

    access_log            /var/log/nginx/guac.access.log;

    location / {
        auth_basic "Guac Login";
        auth_basic_user_file /usr/local/etc/nginx/nginx-sites/guac.pas;
        proxy_set_header        X-Real-IP $remote_addr;
        proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version      1.1;
        proxy_set_header        Upgrade $http_upgrade;
        proxy_set_header        Connection $http_connection;
        proxy_cookie_path       /guacamole/ /;
        proxy_pass http://172.16.1.110:8080/guacamole/;
    }
}

我尝试将 cloud.domain.com 配置的 proxy_pass 指令更改为其他内部站点,这比 NextCloud 简单得多,代理仍可继续工作。我怀疑问题出在代理试图维护的 websocket 上,但我不知道如何调试它。

谢谢。

相关内容