从互联网到内部 nginx ssl 反向代理的端口转发

从互联网到内部 nginx ssl 反向代理的端口转发

我正在尝试配置一个 dockerized nginx ssl 反向代理,它将请求转发到它旁边的另一个容器,该容器正在监听端口 8443 上的 ssl 连接。我正尝试将来自端口 1111 上的互联网请求转发到内部 nginx 代理,监听 443。所以<internet requests> -> router:1111 -> nginx_container:443 -> backend_app_container:8443。当我尝试从互联网连接到它时,我得到了不同的结果。第一个页面可以正常工作,但 POSTing 身份验证导致 302 重定向失败。我当前的配置如下:

    server  {

  listen  80;   
  #server_name  *.domain.com;
  return 301 https://$host$request_uri;
}

server  {
  listen  443 ssl;   
  #server_name <my_site>.com;
  ssl  on;
  location  / {
    return  404;
  }
}

server  {
  listen  *:443 default ssl;
  location  / {
    proxy_set_header   Host             $host;
    proxy_set_header   X-Real-IP        $remote_addr;
    proxy_set_header   X-Forwarded-For  $proxy_add_x_forwarded_for;

    proxy_pass  https://backend_app:8443/;
    proxy_redirect off;
  }

  proxy_set_header Host $http_host;
  proxy_set_header X-Forwarded-For $remote_addr;
  proxy_set_header X-Forwarded-Proto $scheme;
}

有时可以进入第一页,有时则不行,并出现 302 超时失败:

internet_host_1 - - [05/Jan/2018:14:30:57 +0000] "GET /backend_app/static/cozmQY8MS7QySFhOmPMMiatlibNLY61rwdkq7L64XXJ.js HTTP/1.1" 200 52923 "https://router:1111/backend_app/login/auth" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36" "-"

internet_source_3 - - [05/Jan/2018:14:31:05 +0000] "GET /backend_app HTTP/1.1" 302 5 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36" "-"
internet_source_3 - - [05/Jan/2018:14:31:41 +0000] "GET /backend_app/ HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.132 Safari/537.36" "-"

尝试登录也超时并出现 302 错误:

internet_host_1 - - [05/Jan/2018:14:32:02 +0000] "POST /backend_app/j_spring_security_check HTTP/1.1" 302 0 "https://router:1111/backend_app/login/auth" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.108 Safari/537.36" "-"

请问我做错了什么?我很困惑。

相关内容