nginx 反向代理重定向到错误的服务器

tag-icon tag-icon nginx ssl reverse-proxy redirect
nginx 反向代理重定向到错误的服务器

这是我的问题。我有 3 个物理服务器位于同一个 IP 地址后面,使用反向 nginx 代理(在快速 pfsense 盒上运行)来引导 http/https 流量(2 个服务器托管 > 1 个站点)。我已经在 nginx 上设置了所有加密密钥,LAN 上有简单的未加密流量。所有传入端口 80 流量都已使用 NAT 规则重定向到端口 9999,而所有传入端口 443 流量都已重定向到端口 444。我的所有站点都运行良好,包括 http 和 https 连接......除了 site3。我的 DNS 已设置为将所有“site3.com”流量重定向到“www.site3.com”,并将所有 http 重定向到发往 site3 的 https。代理应该重定向到 10.0.0.98:80,但它一直重定向到 10.0.0.99:80。即使输入https://www.site3.com重定向至http://site4.com。site3 上没有 .htaccess 规则,它是 10.0.0.98 上唯一的站点。10.0.0.98 上的 SSL 已被禁用,就像我的所有上游服务器一样。这是我简化的 nginx.conf 文件。谢谢。

    server {
                listen 9999;
                listen 444 ssl;
                server_name www.site3.com;

                ssl_certificate      /etc/nginx/ssl/site3.com/server-nginx.crt;
                ssl_certificate_key  /etc/nginx/ssl/site3.com/nophrase.key;

                location / {
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header X-Forwarded-Host $server_name;
                        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                        proxy_set_header X-Forwarded-Proto $scheme;
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header Host $host;
                        proxy_pass http://10.0.0.98:80;
                        }
        }
        server {
                listen 9999;
                server_name www.site2.com;

                location / {
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header Host $host;
                        proxy_pass http://10.0.0.99:80;
                }
        }
        server {
                listen 9999;
                server_name site4.com;

                location / {
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header Host $host;
                        proxy_pass http://10.0.0.99:80;
                }
        }
        server {
                listen 9999;
                server_name blog.site4.com;

                location / {
                        proxy_set_header X-Real-IP $remote_addr;
                        proxy_set_header Host $host;
                        proxy_pass http://10.0.0.99:80;
                }
        }
        server {
            listen 444 ssl;
            listen 9999;
            server_name www.ultrasoundoftheweek.com;

            ssl_certificate      /etc/nginx/ssl/ultrasoundoftheweek.com/server-nginx.crt;
            ssl_certificate_key  /etc/nginx/ssl/ultrasoundoftheweek.com/nophrase.key;

            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header Host $host;
                    proxy_pass http://10.0.0.99:80;
            }
    }

这是尝试访问 site3 时的反向代理 nginx 日志:

108.162.237.66 - - [24/Aug/2016:15:54:21 -0400] "GET / HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
10.0.1.5 - - [24/Aug/2016:15:54:21 -0400] "GET / HTTP/1.1" 200 9513 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
10.0.1.5 - - [24/Aug/2016:15:54:22 -0400] "GET /?action=display_custom_css_code HTTP/1.1" 200 216 "http://site4.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"

在 site3 服务器上运行的 nginx 日志为空。两个 nginx 日志中均未抛出任何错误。

如果我运行,curl -v "https://www.site3.com"这里就是输出。

* Rebuilt URL to: https://www.site3.com/
*   Trying 104.28.17.97...
* Connected to www.site3.com (104.28.17.97) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 696 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_ECDSA_AES_128_GCM_SHA256
*    server certificate verification OK
*    server certificate status verification SKIPPED
*    common name: sni53799.cloudflaressl.com (matched)
*    server certificate expiration date OK
*    server certificate activation date OK
*    certificate public key: EC
*    certificate version: #3
*    subject: OU=Domain Control Validated,OU=PositiveSSL Multi-Domain,CN=sni53799.cloudflaressl.com
*    start date: Mon, 22 Aug 2016 00:00:00 GMT
*    expire date: Sun, 26 Feb 2017 23:59:59 GMT
*    issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO ECC Domain Validation Secure Server CA 2
*    compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: www.site3.com
> User-Agent: curl/7.47.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Date: Wed, 24 Aug 2016 20:09:32 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d80824d4f3a3b4e60454b09f99c8d75fc1472069372; expires=Thu, 24-Aug-17 20:09:32 GMT; path=/; domain=.site3.com; HttpOnly
< Location: http://site4.com/
< Server: cloudflare-nginx
< CF-RAY: 2d7971497bd337c8-ATL

来自代理 sonoclipshare (site3) conf 文件的详细错误日志:

016/08/24 16:43:26 [info] 51553#0: *329 client sent invalid method while reading client request line, client: 180.97.106.162, server: sonoclipshare.com, request: "^D^A^@P\xb4\xa3qR^@"
2016/08/24 17:00:13 [info] 51553#0: *551 client closed connection while waiting for request, client: 67.11.47.233, server: 0.0.0.0:444

答案1

当我点击链接时http://5minsono.com/我看到第二个网站出现http://5minsono.com/。我认为这是你的问题。

301 重定向由 site3.com 的 proxy_pass 指向的内容发出,http://10.0.0.98:80。您需要查看该应用程序,以找出它发出重定向的原因。Nginx 只是将其传递过去。据我所知,您没有提供任何有关代理背后的信息或其日志,因此提供的信息无法提供进一步的帮助。

相关内容