我正在尝试设置一个 nginx 配置,其行为类似于我们的生产服务器,其中对端口 80 的请求被重定向到 443,当直接在您正在开发的开发机器上工作时它工作正常,但是如果您在另一台机器上并尝试从其 IP 访问开发箱,它将从 IP 重定向到本地主机。
例如,http://192.168.1.10 -> 301 -> https://localhost
由于我们有很多远程开发人员,因此在配置时我事先不知道开发箱的 IP 地址是什么。我尝试不定义属性server_name以及将其分配给_,但在这种情况下都不起作用。
除了为服务器名称分配一个虚假域名并让开发人员管理他们的主机文件之外,我还能做什么?
/etc/nginx/sites-available/default:
# ...
server {
listen 80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
server {
listen 443 ssl;
server_name localhost;
add_header Strict-Transport-Security max-age=15768000;
ssl_certificate /etc/nginx/server.crt;
ssl_certificate_key /etc/nginx/server.key;
location / {
proxy_pass http://app_server;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
include "/etc/nginx/proxy_params"
}
location ~ ^/(login|logout) {
proxy_pass http://login_server;
include "/etc/nginx/proxy_params"
}
}
Curl 请求:
https://:
jared@Wash ➤ curl -v http://192.168.1.17
* Rebuilt URL to: http://192.168.1.17/
* Trying 192.168.1.17...
* Connected to 192.168.1.17 (192.168.1.17) port 80 (#0)
> GET / HTTP/1.1
> Host: 192.168.1.17
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.10.1
< Date: Tue, 19 Jul 2016 18:00:00 GMT
< Content-Type: text/html
< Content-Length: 185
< Connection: keep-alive
< Location: https://localhost/
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.10.1</center>
</body>
</html>
* Connection #0 to host 192.168.1.17 left intact
https://:
jared@Wash ➤ curl -vk https://192.168.1.17
* Rebuilt URL to: https://192.168.1.17/
* Trying 192.168.1.17...
* Connected to 192.168.1.17 (192.168.1.17) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 697 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_RSA_AES_256_GCM_SHA384
* server certificate verification SKIPPED
* server certificate status verification SKIPPED
* common name: localhost (does not match '192.168.1.17')
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: RSA
* certificate version: #3
* subject: ...
* start date: Mon, 18 Jul 2016 20:50:53 GMT
* expire date: Tue, 18 Jul 2017 20:50:53 GMT
* issuer: ...
* compression: NULL
* ALPN, server did not agree to a protocol
> GET / HTTP/1.1
> Host: 192.168.1.17
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 302 Found
< Server: nginx/1.10.1
< Date: Tue, 19 Jul 2016 18:00:36 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 37
< Connection: keep-alive
< X-Frame-Options: DENY
< Strict-Transport-Security: max-age=31536000; includeSubDomains
< Location: /app/
< Vary: Accept, Accept-Encoding
< set-cookie: ...; Path=/; HttpOnly; Secure
< Strict-Transport-Security: max-age=15768000
<
* Connection #0 to host 192.168.1.17 left intact
Found. Redirecting to /app/
答案1
看起来,根据您的 curl 请求和配置,您需要更改:
server {
listen 80;
server_name localhost;
return 301 https://$server_name$request_uri;
}
(插入 server_name 变量值本地主机放入字符串 https://$server_name$request_uri 中,结果为:https://本地主机$请求uri)
到
server {
listen 80;
server_name <External IP ADDRESS>;
return 301 https://$server_name$request_uri;
}
(这将产生https://IP 地址$请求uri)
更多信息:
如果有人使用 IP 地址而不是服务器名称发出请求,则“Host”请求标头字段将包含 IP 地址,并且可以使用 IP 地址作为服务器名称来处理该请求:
答案2
您可以使用这个:
server_name _ ;
这是“主机”标头包罗万象。
编辑
抱歉,我误解了你的部分问题。尝试更改
return 301 https://$server_name$request_uri;
到
return 301 https://$host$request_uri;
您可能想要更改/跳过server_name指令,以便它能够响应来自本地主机外部的请求。