这是我的问题。我有 3 个物理服务器位于同一个 IP 地址后面,使用反向 nginx 代理(在快速 pfsense 盒上运行)来引导 http/https 流量(2 个服务器托管 > 1 个站点)。我已经在 nginx 上设置了所有加密密钥,LAN 上有简单的未加密流量。所有传入端口 80 流量都已使用 NAT 规则重定向到端口 9999,而所有传入端口 443 流量都已重定向到端口 444。我的所有站点都运行良好,包括 http 和 https 连接......除了 site3。我的 DNS 已设置为将所有“site3.com”流量重定向到“www.site3.com”,并将所有 http 重定向到发往 site3 的 https。代理应该重定向到 10.0.0.98:80,但它一直重定向到 10.0.0.99:80。即使输入https://www.site3.com重定向至http://site4.com。site3 上没有 .htaccess 规则,它是 10.0.0.98 上唯一的站点。10.0.0.98 上的 SSL 已被禁用,就像我的所有上游服务器一样。这是我简化的 nginx.conf 文件。谢谢。
server {
listen 9999;
listen 444 ssl;
server_name www.site3.com;
ssl_certificate /etc/nginx/ssl/site3.com/server-nginx.crt;
ssl_certificate_key /etc/nginx/ssl/site3.com/nophrase.key;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.98:80;
}
}
server {
listen 9999;
server_name www.site2.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
server {
listen 9999;
server_name site4.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
server {
listen 9999;
server_name blog.site4.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
server {
listen 444 ssl;
listen 9999;
server_name www.ultrasoundoftheweek.com;
ssl_certificate /etc/nginx/ssl/ultrasoundoftheweek.com/server-nginx.crt;
ssl_certificate_key /etc/nginx/ssl/ultrasoundoftheweek.com/nophrase.key;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_pass http://10.0.0.99:80;
}
}
这是尝试访问 site3 时的反向代理 nginx 日志:
108.162.237.66 - - [24/Aug/2016:15:54:21 -0400] "GET / HTTP/1.1" 301 0 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
10.0.1.5 - - [24/Aug/2016:15:54:21 -0400] "GET / HTTP/1.1" 200 9513 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
10.0.1.5 - - [24/Aug/2016:15:54:22 -0400] "GET /?action=display_custom_css_code HTTP/1.1" 200 216 "http://site4.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/601.7.7 (KHTML, like Gecko) Version/9.1.2 Safari/601.7.7"
在 site3 服务器上运行的 nginx 日志为空。两个 nginx 日志中均未抛出任何错误。
如果我运行,curl -v "https://www.site3.com"
这里就是输出。
* Rebuilt URL to: https://www.site3.com/
* Trying 104.28.17.97...
* Connected to www.site3.com (104.28.17.97) port 443 (#0)
* found 173 certificates in /etc/ssl/certs/ca-certificates.crt
* found 696 certificates in /etc/ssl/certs
* ALPN, offering http/1.1
* SSL connection using TLS1.2 / ECDHE_ECDSA_AES_128_GCM_SHA256
* server certificate verification OK
* server certificate status verification SKIPPED
* common name: sni53799.cloudflaressl.com (matched)
* server certificate expiration date OK
* server certificate activation date OK
* certificate public key: EC
* certificate version: #3
* subject: OU=Domain Control Validated,OU=PositiveSSL Multi-Domain,CN=sni53799.cloudflaressl.com
* start date: Mon, 22 Aug 2016 00:00:00 GMT
* expire date: Sun, 26 Feb 2017 23:59:59 GMT
* issuer: C=GB,ST=Greater Manchester,L=Salford,O=COMODO CA Limited,CN=COMODO ECC Domain Validation Secure Server CA 2
* compression: NULL
* ALPN, server accepted to use http/1.1
> GET / HTTP/1.1
> Host: www.site3.com
> User-Agent: curl/7.47.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Date: Wed, 24 Aug 2016 20:09:32 GMT
< Content-Type: text/html; charset=UTF-8
< Transfer-Encoding: chunked
< Connection: keep-alive
< Set-Cookie: __cfduid=d80824d4f3a3b4e60454b09f99c8d75fc1472069372; expires=Thu, 24-Aug-17 20:09:32 GMT; path=/; domain=.site3.com; HttpOnly
< Location: http://site4.com/
< Server: cloudflare-nginx
< CF-RAY: 2d7971497bd337c8-ATL
来自代理 sonoclipshare (site3) conf 文件的详细错误日志:
016/08/24 16:43:26 [info] 51553#0: *329 client sent invalid method while reading client request line, client: 180.97.106.162, server: sonoclipshare.com, request: "^D^A^@P\xb4\xa3qR^@"
2016/08/24 17:00:13 [info] 51553#0: *551 client closed connection while waiting for request, client: 67.11.47.233, server: 0.0.0.0:444
答案1
当我点击链接时http://5minsono.com/我看到第二个网站出现http://5minsono.com/。我认为这是你的问题。
301 重定向由 site3.com 的 proxy_pass 指向的内容发出,http://10.0.0.98:80。您需要查看该应用程序,以找出它发出重定向的原因。Nginx 只是将其传递过去。据我所知,您没有提供任何有关代理背后的信息或其日志,因此提供的信息无法提供进一步的帮助。