我想将 nginx 配置为反向代理,根据传递的 URI 重定向到两个不同的 Kibana 主机。/重定向到标准和/october/10 月专用 Kibana。配置的第一部分( )运行良好,但尝试访问时/出现错误。我尝试注释掉第二部分()并在第一部分中替换为,然后我被重定向到 10 月平台。所以问题出在这个 nginx 配置上。Too many redirections/octoberlocation /october/localhost10.10.0.3
server {
listen 80;
server_name my.domain.io;
return 301 https://$server_name;
}
server {
listen 443 ;
ssl on;
ssl_certificate /etc/letsencrypt/live/my.domain.io/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.io/privkey.pem;
server_name my.domain.io;
access_log /var/log/nginx/kibana.access.log;
error_log /var/log/nginx/kibana.error.log;
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /october/ {
proxy_pass http://10.10.0.3:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
}
答案1
感谢之前的回复,我找到了解决方案,但并不确切知道它“如何”和“为什么”起作用......
这是我的新配置:
server {
listen 80;
server_name my.domain.io;
return 301 https://$server_name;
}
server {
listen 443 ;
ssl on;
ssl_certificate /etc/letsencrypt/live/my.domain.io/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.io/privkey.pem;
server_name my.domain.io;
access_log /var/log/nginx/kibana.access.log;
error_log /var/log/nginx/kibana.error.log;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location = /october {
return 302 /october/;
}
location /october/ {
proxy_pass http://10.10.0.3:5601/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
不需要proxy_redirect指令。诀窍是/在位置末尾添加一个/october,然后重定向/october到/october/302 代码。不要忘记您必须在 kibana.yml 文件中设置server.basePath为。"/october"
这篇文章对我有帮助:如何使用 nginx proxy_pass 删除路径
希望这会有所帮助...
答案2
我认为您的嵌套locations不正确,请尝试以下操作:
server {
listen 443 ;
ssl on;
ssl_certificate /etc/letsencrypt/live/my.domain.io/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.io/privkey.pem;
server_name my.domain.io;
access_log /var/log/nginx/kibana.access.log;
error_log /var/log/nginx/kibana.error.log;
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location ~ ^/october.*$ {
proxy_pass http://10.10.0.3:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
答案3
使用给定的配置,对 的请求/october/some/path将按原样传递到您的第二个 Kibana 主机,该主机可能未配置为接收以 为前缀的请求/october。
我不知道 Kibana,但快速搜索后我发现了5.1 版配置文档它有一个server.basePath配置值。尝试将其设置为“/october”。
此外,正如文档所说,此值仅影响 Kibana 生成的 URL,您需要proxy_redirect向 nginx 配置添加一条指令并修改proxy_passnginx 指令,将以下内容附加/到后端 URL:
server {
listen 80;
server_name my.domain.io;
return 301 https://$server_name;
}
server {
listen 443 ;
ssl on;
ssl_certificate /etc/letsencrypt/live/my.domain.io/cert.pem;
ssl_certificate_key /etc/letsencrypt/live/my.domain.io/privkey.pem;
server_name my.domain.io;
access_log /var/log/nginx/kibana.access.log;
error_log /var/log/nginx/kibana.error.log;
location / {
auth_basic "Restricted";
auth_basic_user_file /etc/nginx/conf.d/kibana.htpasswd;
location / {
proxy_pass http://localhost:5601;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
location /october/ {
proxy_pass http://10.10.0.3:5601/;
proxy_redirect / /october/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
}
proxy_redirect重写“Location”和“Refresh”标头中返回的 URL,而附加的斜杠会导致代理模块剥离与 nginx“location”指令匹配的路径。这些有效地互相补充。
答案4
我认为实际原因在于一个字符,注意尾部斜杠 /:
proxy_pass http://10.10.0.3:5601;
proxy_pass http://10.10.0.3:5601/;
Nginx URI 代理 Kibana 也遇到了同样的问题。
TLDR:Nginx 代理配置中的尾部斜杠非常重要(在location和中都是如此proxy_pass)。经验法则:除非您知道自己在做什么,否则请保留它们。
- 官方文档(有点难以理解),http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_pass
- 这https://stackoverflow.com/questions/22759345/nginx-trailing-slash-in-proxy-pass-url尝试用不同的方法来解释它。
PS我的Nginx和Kibana 8.8.0.0配置:
auth_basic "Administrator's area";
auth_basic_user_file /etc/nginx/.htpasswd;
location /kibana/ {
proxy_pass http://kibana:5601/kibana/`enter code here`;
proxy_set_header Authorization "";
}
kibana:
<< : *service_defaults
image: ${KIBANA_IMAGE}
profiles: ['ui']
ports: ["5601:5601"]
environment:
- ELASTICSEARCH_URL=http://elasticsearch:9200
- ELASTICSEARCH_USERNAME=kibana_system
- ELASTICSEARCH_PASSWORD=${KIBANA_SYSTEM_PASSWORD}
# https://www.elastic.co/guide/en/kibana/current/settings.html
- SERVER_BASEPATH=/kibana
- SERVER_REWRITEBASEPATH=true
healthcheck:
<< : *healthcheck_defaults
test: [ "CMD-SHELL", "curl -L -u elastic:$ELASTIC_PASSWORD http://localhost:5601/kibana/api/status | grep 'All services are available'", ]
depends_on: { elasticsearch: { condition: service_healthy }}