我正在尝试在启用 SSL 的网站上实施 varnish。但我遇到了循环重定向。这就是我要做的事情
varnish 正在监听 80 端口;
DAEMON_OPTS="-a :80 \
-T localhost:6082 \
-f /etc/varnish/default.vcl \
-S /etc/varnish/secret \
-s malloc,256m"
和后端
backend default {
.host = "127.0.0.1";
.port = "8080";
.connect_timeout = 16s;
.first_byte_timeout = 96s;
.between_bytes_timeout = 8s;
}
nginx 在 8080 上运行。nginx 配置
upstream backend {
ip_hash;
server 127.0.0.1:80; # IP goes here.
}
server {
listen 443 ssl;
server_name example.com www.example.com;
root /var/www/test/public;
index index.php;
ssl_certificate /var/www/ascacacaa1341.crt;
ssl_certificate_key /var/www/www.example.com.key;
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_ciphers HIGH:!aNULL:!MD5;
ssl_prefer_server_ciphers on;
location / {
try_files $uri $uri/ /index.php?$query_string;
proxy_pass http://backend;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_set_header X-Secure on;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\.php)(/.+)$;
include fastcgi_params;
fastcgi_pass 127.0.0.1:9000;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/test/public$fastcgi_script_name;
}
location /var/www/test/public {
autoindex on;
autoindex_exact_size off;
}
# We don't need .ht files with nginx.
location ~ /\.htaccess {
deny all;
}
# Set header expirations on per-project basis
location ~* \.(?:ico|css|js|jpe?g|JPG|png|svg|woff)$ {
expires 365d;
}
}
server {
listen 8080;
server_name example.com www.example.com;
return https://$server_name$request_uri;
}
tcp 0 0 0.0.0.0:8080 0.0.0.0:* LISTEN 30700/nginx
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 30479/varnishd
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 30700/nginx
tcp 0 0 127.0.0.1:6082 0.0.0.0:* LISTEN 30475/varnishd
tcp6 0 0 :::80 :::* LISTEN 30479/varnishd
curl 响应 curl -I -k https://www.domain.com
HTTP/1.1 302 Moved Temporarily
Server: nginx/1.6.2
Date: Mon, 03 Nov 2014 10:38:31 GMT
Content-Type: text/html
Content-Length: 160
Connection: keep-alive
Location: https://www.domain.com/
X-Varnish: 623340 361289
Age: 280
Via: 1.1 varnish-v4
它对 SSL 确实很有效。代理重定向不起作用。我正在重定向到 varnish 正在监听的端口 80。但我仍然得到循环重定向。从检查中我发现 net::ERR_TOO_MANY_REDIRECTS。错误。任何人都可以在这里提供帮助。我在同一个服务器中拥有更多域和子域。但我不想仅在 SSL 域上实施 varnish。
答案1
问题在于:
server_name www.example.com example.com
...
location / {
rewrite ^ https://$server_name$request_uri permanent;
}
您正在响应端口 8080 上的域www.example.com
和example.com
请求并重定向到,www.example.com
因为当您愿意响应 https 请求时,server_name
它将始终匹配第一个值。server_name
example.com
因此将该服务器块更改为:
server {
listen 8080;
server_name example.com www.example.com;
return https://$server_name$request_uri;
}
顺便说一句,当您不需要时,请停止使用重写/正则表达式。