nginx 循环重定向到 Varnish SSL 实现

2024-5-30 • tag-icon

我正在尝试在启用 SSL 的网站上实施 varnish。但我遇到了循环重定向。这就是我要做的事情

varnish 正在监听 80 端口；

DAEMON_OPTS="-a :80 \
         -T localhost:6082 \
         -f /etc/varnish/default.vcl \
         -S /etc/varnish/secret \
         -s malloc,256m"

和后端

backend default {
.host = "127.0.0.1";
.port = "8080";
.connect_timeout = 16s;
.first_byte_timeout = 96s;
.between_bytes_timeout = 8s;

}

nginx 在 8080 上运行。nginx 配置

upstream backend {   
  ip_hash;
  server 127.0.0.1:80; # IP goes here.
}

server {   
    listen        443 ssl;
    server_name   example.com www.example.com;
    root       /var/www/test/public;
    index           index.php;


    ssl_certificate      /var/www/ascacacaa1341.crt;
    ssl_certificate_key  /var/www/www.example.com.key;

    ssl_session_cache    shared:SSL:10m;
    ssl_session_timeout  10m;

    ssl_ciphers  HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers  on;

    location / {
        try_files   $uri $uri/ /index.php?$query_string;
        proxy_pass http://backend;
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;          
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Host $host;
        proxy_set_header X-Secure on;
 }
 location ~ \.php$ {
        try_files $uri =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        include        fastcgi_params;
        fastcgi_pass   127.0.0.1:9000;
        fastcgi_index  index.php;
        fastcgi_param  SCRIPT_FILENAME  /var/www/test/public$fastcgi_script_name;
        }
     location /var/www/test/public {
         autoindex on;
         autoindex_exact_size off;
        }  
    # We don't need .ht files with nginx.
        location ~ /\.htaccess {
            deny all;
        }

        # Set header expirations on per-project basis
         location ~* \.(?:ico|css|js|jpe?g|JPG|png|svg|woff)$ {
            expires 365d;
        }
}

server {

    listen 8080;       
    server_name  example.com www.example.com;
    return https://$server_name$request_uri;


}





tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      30700/nginx
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      30479/varnishd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      30700/nginx
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      30475/varnishd
tcp6       0      0 :::80                   :::*                    LISTEN      30479/varnishd

curl 响应 curl -I -k https://www.domain.com

HTTP/1.1 302 Moved Temporarily
Server: nginx/1.6.2
Date: Mon, 03 Nov 2014 10:38:31 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://www.domain.com/
X-Varnish: 623340 361289
Age: 280
Via: 1.1 varnish-v4

它对 SSL 确实很有效。代理重定向不起作用。我正在重定向到 varnish 正在监听的端口 80。但我仍然得到循环重定向。从检查中我发现 net::ERR_TOO_MANY_REDIRECTS。错误。任何人都可以在这里提供帮助。我在同一个服务器中拥有更多域和子域。但我不想仅在 SSL 域上实施 varnish。

答案1

问题在于：

server_name  www.example.com example.com

...    

location / {
   rewrite ^ https://$server_name$request_uri permanent;
}

您正在响应端口 8080 上的域www.example.com和example.com请求并重定向到，www.example.com因为当您愿意响应 https 请求时，server_name它将始终匹配第一个值。server_nameexample.com

因此将该服务器块更改为：

server {
    listen 8080;
    server_name example.com www.example.com;
    return https://$server_name$request_uri;
}

顺便说一句，当您不需要时，请停止使用重写/正则表达式。

答案1

相关内容