我使用 nginx 作为少数 Web 服务的代理,在 docker 容器中运行,使用以下配置。我的配置已达到所需配置的 90%,但最后一点问题让我感到困惑。运行此配置会导致错误消息。nginx: [emerg] invalid number of arguments in "try_files" directive in /etc/nginx/nginx.conf:75这对应于配置的这一块:
location / {
try_files $uri @proxy_to_appserver; # <--- this is line 75
}
location @proxy_to_appserver {
proxy_pass http://appserver/;
}
这是试图让 nginx 处理静态资源的请求,例如,请求images/cat.gif将在 Web 根目录中查找猫图片,如果未找到,则将请求发送到应用服务器。我找到的所有文档基本上都具有相同的语法,使用变量$uri后跟代理的命名位置。但配置中的其他内容一定将其变成了无效语法,或者还有其他明显的东西,我在盯着配置文件看了太久之后却看不到。
完整配置文件如下。我使用的是官方 nginx:1.11 docker 镜像,仅供参考。
worker_processes 4;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
upstream appserver {
server appserver:8000;
}
upstream rabbitmq {
server rabbitmq:15672;
}
upstream solr {
server solr:8983;
}
upstream flower {
server flower:5555;
}
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 10m;
ssl_session_tickets off;
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate /etc/ssl/my_application/certificate.chained.crt;
ssl_certificate_key /etc/ssl/my_application/certificate.key;
ssl_dhparam /etc/ssl/my_application/dhparam.pem;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
ssl_prefer_server_ciphers on;
# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;
ssl_trusted_certificate /etc/ssl/my_application/trustchain.crt;
resolver 131.243.5.1 8.8.8.8 8.8.4.4;
# HSTS header (15768000 == 6 months)
add_header Strict-Transport-Security max-age=15768000;
client_body_buffer_size 10k;
client_header_buffer_size 1k;
client_max_body_size 50m;
large_client_header_buffers 2 1k;
client_body_timeout 12;
client_header_timeout 12;
keepalive_timeout 5;
send_timeout 10;
gzip on;
gzip_comp_level 2;
gzip_min_length 1000;
gzip_proxied expired no-cache no-store private auth;
gzip_types text/plain text/css text/xml text/javascript application/javascript application/json application/x-javascript application/xml application/xml+rss;
root /var/www;
location / {
try_files $uri @proxy_to_appserver; # <--- this is line 75
}
location @proxy_to_appserver {
proxy_pass http://appserver/;
}
location /flower {
return 301 /flower/;
}
location /flower/ {
proxy_pass http://flower/;
}
location /rabbitmq {
return 301 /rabbitmq/;
}
location /rabbitmq/ {
proxy_pass http://rabbitmq/;
}
location /solr {
return 301 /solr/;
}
location /solr/ {
proxy_pass http://solr/solr/;
}
error_page 500 502 503 504 /static/500.html;
}
}
更新:对于任何未来发现这一点的人来说……我最终完全摆脱了try_files命名的位置。第 75 行左右的问题部分被替换为:
location /static {
}
location /uploads {
}
location / {
proxy_pass http://appserver/;
}
这是可行的,因为 appserver 容器使用的所有文件都在/var/www/static或下/var/www/uploads。这还将代理的布局镜像到其他服务,因此配置仍然很简单。
答案1
根据评论:
与我在评论中写的内容相反,此指令
try_files $uri @proxy_to_appserver有效且正确。我刚刚检查并测试了这一点。/从指令中删除尾随部分proxy_pass http://appserver/解决了这个问题:nginx:[emerg]“proxy_pass”不能在正则表达式给出的位置、命名位置内、“if”语句内或 /etc/nginx/nginx.conf:78 中的“limit_except”块内有 URI 部分