使用这个 nginx 配置代码:
#
# Nginx virtual host config file - managed by Ansible
#
# mytestpage
#
# Force HTTP requests to HTTPS
server {
listen 80;
server_name www.mytestpage.com mytestpage.com;
return 301 https://www.mytestpage.com$request_uri;
}
# include servers/default.conf;
server {
#in the future we are going to use http2 we will enable the following line:
#listen 443 ssl http2;
listen 443 ssl;
# include servers/default.conf;
root /var/opt/httpd/ebdocs;
server_name www.mytestpage.com mytestpage.com;
# add Strict-Transport-Security to prevent man in the middle attacks
add_header Strict-Transport-Security "max-age=31536000" always;
ssl_certificate /etc/pki/tls/certs/certificate_com.pem;
ssl_certificate_key /etc/pki/tls/certs/certificate_com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:!aNULL:!MD5;
access_log /var/log/nginx/eblogs/https/access.log;
error_log /var/log/nginx/eblogs/https/error.log;
#include whitelist/default.conf;
include rewrites/default.conf;
index index.php index.html index.htm;
# Make nginx serve static files instead of Apache
# NOTE this will cause issues with bandwidth accounting as files wont be logged
location ~* \.(gif|jpg|jpeg|png|wmv|avi|mpg|mpeg|mp4|htm|html|js|css|svg)$ {
expires max;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_ssl_server_name on;
proxy_ssl_name $host;
proxy_pass https://127.0.0.1:4433;
}
# proxy the PHP scripts to Apache listening on <serverIP>:8080
location ~ \.php$ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $host;
proxy_ssl_server_name on;
proxy_ssl_name $host;
proxy_pass https://127.0.0.1:4433;
}
location ~ /\. {
deny all;
}
set_real_ip_from 195.234.12.3; # Ip/network of the reverse proxy (or ip received into REMOTE_ADDR)
real_ip_header Incap-Client-IP;
# restrict access to the admin to internal users
location ~ ^/(wp-admin|wp-login\.php) {
try_files $uri $uri/ /index.php?$args;
index index.html index.htm index.php;
allow 123.123.42.3;
deny all;
}
location /wp-admin/admin-ajax.php {
allow all;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
我收到此错误:
"[error] 576#576: *4578331 access forbidden by rule, client: 123.123.42.3, server: www.mytestpage.com, request: "GET /wp-admin/ HTTP/1.1", host: "www.mytestpage.com", referrer: "https://www.mytestpage.com/wp-login.php""
当我想登录我的 wordpress 网站时。
对于不是123.123.42.3(不是实际 IP),但我使用 incapsula 作为代理使用该 IP 访问网站。
奇怪的是,完全相同的配置(当然只是服务器名称不同)在我服务器上的其他网站上运行良好,但在这个网站上却不行。
任何帮助都将不胜感激。