首先对我的英语水平表示抱歉。
我正在尝试在 nginx 配置文件中创建一个位置,以便通过代理将发往该位置的所有请求发送到另一个端口。所有其他请求都应发送到本地服务器,因此我使用“catch-all”位置来执行此操作。
我的配置如下:
# Virtual host for example.com on port 80. Serves a WordPress multisite from
# /web/ through the php_backend_pool1 FastCGI upstream and reverse-proxies
# /annualreport/ to a second service on 127.0.0.1:8080.
server {
server_name example.com;
listen *:80;
root /web/;
index index.php index.html;
autoindex off;
# Logs
access_log /var/log/nginx/web.log;
error_log /var/log/nginx/web_err.log;
# WordPress multisite by path
# NOTE(review): rewrite directives at server level run before a location is
# selected. For a URI such as /annualreport/index.php that does not exist as
# a file under the root, the third rule strips the first path segment and
# rewrites it to /index.php, so the request never reaches the
# "^~ /annualreport/" proxy location and is handled by the local PHP location
# instead. URIs that do not end in .php (and do not contain /wp-) are not
# rewritten and still reach the proxy.
if (!-e $request_filename) {
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
rewrite ^(/[^/]+)?(/wp-.*) $2 last;
rewrite ^(/[^/]+)?(/.*\.php) $2 last;
}
# Blocking sensitive areas
# 444 makes nginx close the connection without sending a response.
# NOTE(review): the dots are unescaped (each matches any character) and the
# test is against $request_uri, which includes the query string.
if ($request_uri ~* /(readme.html|license.txt|install.php|wp-config.php|fantastico_fileslist.txt|fantversion.php).*) {
return 444;
}
# Behind proxy
# NOTE(review): 0.0.0.0/16 only covers 0.0.0.0-0.0.255.255, so in practice no
# front proxy is trusted and X-Forwarded-For is never applied. List the real
# proxy address or range here. Do not widen this to 0.0.0.0/0: every client
# could then choose its own logged address through the header.
set_real_ip_from 0.0.0.0/16;
real_ip_header X-Forwarded-For;
# Cache (to be reviewed)
open_file_cache max=2000 inactive=20s;
open_file_cache_valid 60s;
open_file_cache_min_uses 5;
open_file_cache_errors off;
# Compression
# Enable Gzip compressed.
gzip on;
# Enable compression both for HTTP/1.0 and HTTP/1.1.
gzip_http_version 1.1;
gzip_disable "msie6";
# Don't compress anything that's already small and unlikely to shrink much
# if at all (the default is 20 bytes, which is bad as that usually leads to
# larger files after gzipping).
gzip_min_length 256;
# Compress data even for clients that are connecting to us via proxies,
# identified by the "Via" header (required for CloudFront).
gzip_proxied any;
# Tell proxies to cache both the gzipped and regular version of a resource
# whenever the client's Accept-Encoding capabilities header varies;
# Avoids the issue where a non-gzip capable client (which is extremely rare
# today) would display gibberish if their proxy gave them the gzipped version.
gzip_vary on;
# Compress all output labeled with one of the following MIME-types.
gzip_types
application/atom+xml
application/javascript
application/json
application/rss+xml
application/vnd.ms-fontobject
application/x-font-ttf
application/x-web-app-manifest+json
application/xhtml+xml
application/xml
font/opentype
image/svg+xml
image/x-icon
text/css
text/plain
text/x-component;
# Compression level (1-9).
# 5 is a perfect compromise between size and cpu usage, offering about
# 75% reduction for most ascii files (almost identical to level 9).
gzip_comp_level 5;
# Hide the nginx server version
server_tokens off;
# DOS
# The conn_limit_per_ip and req_limit_per_ip zones are not declared in this
# block; they have to exist in the http context.
# NOTE(review): 499 is also the status nginx logs when the client closes the
# connection, so rejected connections will look like client aborts in the
# access log; a distinct status makes limit hits easier to spot.
limit_conn conn_limit_per_ip 10;
limit_req zone=req_limit_per_ip burst=25 nodelay;
limit_conn_status 499;
## Block download agents
# User-Agent is chosen by the client, so this and the next rule only stop
# clients that identify themselves honestly.
if ($http_user_agent ~* LWP::Simple|wget|libwww-perl) {
return 403;
}
## Block some nasty robots
# NOTE(review): this match is case-sensitive (~) and several alternatives
# (email, scan, spider) are short substrings that can match unrelated agents.
if ($http_user_agent ~ Abonti|aboutthedomain|AhrefsBot|Baidu|betaBot|Baiduspider|BLEXBot|email|FatBot|Havij|htmlparser|httrack|iisbot|Lipperhey|LoadImpactPageAnalyzer|LoadImpactRload|ltx71|LWP::simple|Mail.Ru|MetaURI|MJ12bot|Purebot|safebot|scan|scrapboti|semanticbot|SeznamBot|ShopWiki|Skrapebot|Sogou|spider|Stratagems|Twengabot|Twitterbot|Typhoeus|UnisterBot|WebCollector|WebCopier|WebCopy|webcraw|WinHTTrack|Wotbox|YandexBot|Zeus) {
return 403;
}
# Hotlink protection for images, based on the client-supplied Referer header.
# NOTE(review): the leading dot is unescaped. Regex locations are tried in
# file order, so this one wins over the static-file location further down for
# gif/png/jpg URIs. Only www.example.com is listed as a valid referer although
# server_name is example.com - confirm that is intended.
location ~ .(gif|png|jpe?g)$ {
valid_referers none blocked www.example.com;
if ($invalid_referer) {
return 403;
}
}
# deny scripts inside writable directories
# NOTE(review): the dot before the extension group is unescaped.
location ~* /(var|images|cache|media|logs|tmp)/.*.(php|pl|py|jsp|asp|sh|cgi)$ {
return 403;
}
## Only allow these request methods ##
# Declared at server level, so it also applies to requests that end up in the
# /annualreport/ proxy location.
if ($request_method !~ ^(GET|POST|HEAD)$ ) {
return 403;
}
# Protect other sensitive files
# NOTE(review): the dots in ".git/" and ".htaccess" are unescaped, ".*sql"
# matches any URI that contains "sql" after a slash, and "/\.+" blocks every
# path segment that starts with a dot (including /.well-known/).
location ~ (/(.git/|backup-db/|.htaccess|.*sql)|/\.+) {
return 403;
}
## Start: Size Limits & Buffer Overflows ##
client_body_buffer_size 12K;
client_header_buffer_size 12K;
# 413 (Request Entity Too Large)
client_max_body_size 25M;
# 414 (Request-URI Too Large)
# 400 (Bad Request)
large_client_header_buffers 2 12K;
## END: Size Limits & Buffer Overflows ##
## Start: Timeouts ##
# 408 (Request Time-out)
client_body_timeout 10s;
# 408 (Request Time-out)
client_header_timeout 10s;
keepalive_timeout 5s 5;
send_timeout 10s;
## End: Timeouts ##
# Catch-all: serve the file or directory if it exists, otherwise hand the
# request to /index.php with the original query string.
location / {
try_files $uri $uri/ /index.php?$args; # make index.php handle requests for /
access_log off; # do not log access to static files
expires max; # cache static files aggressively
}
# Web fonts may be fetched from any origin. This regex location precedes the
# static-file location below, so font URIs are served from here.
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
location ~*\.(jpeg|jpg|gif|png|css|js|ico|swf|gz|svg|svgz|ttf|otf|woff|eot|mp4|ogg|ogv|webm|zip)$ {
try_files $uri $uri/ @proxy; # look for static files in root directory and ask backend if not successful
expires max;
#add_header Access-Control-Allow-Origin "*";
sendfile on;
sendfile_max_chunk 1m;
access_log off;
}
# Extra locations
# "^~" makes nginx skip the regex locations when this prefix is the best
# prefix match. Because proxy_pass carries a URI ("/"), the matched
# /annualreport/ prefix is replaced by "/" before the request is forwarded.
# NOTE(review): X-Forwarded-Proto is hard-coded to https while this server
# listens on port 80; presumably TLS is terminated by a front proxy - confirm,
# otherwise the backend is told a plain-HTTP request was secure.
location ^~ /annualreport/ {
proxy_pass http://127.0.0.1:8080/;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Host $host:$server_port;
}
# Fallback for static-looking URIs that do not exist on disk.
# NOTE(review): no fastcgi_params include or SCRIPT_FILENAME is set in this
# location; confirm they are inherited from the http context.
location @proxy {
fastcgi_pass php_backend_pool1; # proxy everything from this location to backend
}
# PHP handler. try_files ensures that only URIs which map to an existing file
# under the root are handed to the interpreter.
# NOTE(review): HTTPS is forced to "on" for PHP although the listener is plain
# HTTP; same assumption about a TLS-terminating front proxy as above - confirm.
location ~\.php$ { try_files $uri =404; # if reference to php executable is invalid return 404
expires off; # no need to cache php executable files
fastcgi_read_timeout 600;
fastcgi_send_timeout 600;
fastcgi_buffers 8 8k;
fastcgi_buffer_size 8k;
fastcgi_intercept_errors on;
fastcgi_keep_conn on; # use persistent connects to backend
include fastcgi_params;
fastcgi_param HTTPS on;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass php_backend_pool1;
}
}
我的问题是,当我尝试使用该位置时,仅当文件不是 php 文件时才有效:
例如,以下这些请求可以正常工作:
/otherlocation/
/otherlocation/file.html
/otherlocation/myimage.jpg
但以下这些请求却由本地服务器处理,而不是通过代理转发:
/otherlocation/index.php
/otherlocation/somefile.php
有没有办法强制所有以 /otherlocation 开头的位置通过 proxy_pass,即使文件是 php?
谢谢!!
编辑: 我已经发布了整个配置文件。
我正在思考这个问题,也许最好的选择是创建两个监听本地主机的虚拟主机,然后创建一个主代理来从中进行选择。