我有一个nginx.conf包含四个不同主机和一个 http 到 https 重定向的服务器。所有主机的配置都类似,因此我仅包含主机 2、3 和 4 的不同部分。
events {}
http {
proxy_send_timeout 120;
proxy_read_timeout 300;
proxy_buffering off;
keepalive_timeout 5 5;
tcp_nodelay on;
server {
listen 80 default_server;
listen [::]:80 default_server;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name confluence6.company.com;
# allow large uploads of files
client_max_body_size 1G;
# optimize downloading files larger than 1G
#proxy_max_temp_file_size 2G;
ssl_certificate /etc/letsencrypt/live/confluence6.company.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/confluence6.company.com/privkey.pem;
# from Certbot
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
location / {
resolver 127.0.0.11;
set $confluence_old "confluence6:8090/";
proxy_pass http://$confluence_old;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto "https";
}
}
server {
listen 443 ssl;
server_name confluence7.company.com;
...
location / {
resolver 127.0.0.11;
set $confluence "confluence7:8090/";
proxy_pass http://$confluence;
...
}
}
server {
listen 443 ssl;
server_name jira7.company.com;
...
location / {
resolver 127.0.0.11;
set $jira_old "jira7:8080/";
proxy_pass http://$jira_old;
...
}
}
server {
listen 443 ssl;
server_name jira8.company.com;
...
location / {
resolver 127.0.0.11;
set $jira "jira8:8080/";
proxy_pass http://$jira;
...
}
}
}
在这一location部分中,我使用 resolver 和 proxy_pass 作为变量,这样当并非所有主机都启动时,nginx 就会启动(解决方案来自这里)。不幸的是,我ERR_TOO_MANY_REDIRECTS现在无法与任何主机建立连接。
直接设置proxy_pass即可删除重定向循环:
location / {
resolver 127.0.0.11;
proxy_pass http://jira8:8080/;
...
}
但是如果所有主机都没有启动,我就无法启动 nginx。目前我有一个解决方法,就是始终注释掉所有不工作的主机。
所有主机都是 docker 容器,配置为像这样传递 https:
jira8:
container_name: jira8
environment:
ATL_PROXY_NAME: jira8.company.com
ATL_PROXY_PORT: "443"
ATL_TOMCAT_SCHEME: https
ATL_TOMCAT_SECURE: "true"
JVM_MAXIMUM_MEMORY: 3072m
expose:
- "8080"
image: atlassian/jira-software:8.11
networks:
atlassian-network:
aliases:
- jira8
ports:
- "8081:8080"
restart: always
volumes:
- /root/jira-home:/var/atlassian/application-data/jira
- /root/mysql-connector-java-5.1.45-bin.jar:/opt/atlassian/jira/lib/mysql-connector-java-5.1.45-bin.jar
nginx.conf为了不出现重定向循环并且即使并非所有主机都启动,仍然能够启动 nginx,我应该怎么做?
答案1
我看到的唯一重定向是从 HTTP 到 HTTPS 的 301。在测试阶段不要使用 301!最好使用临时 303。你能在所有地方配置你的 Confluence 以提供 HTTPS 而不是 HTTP 吗?那么你就不应该得到无休止的重定向。否则,你也可以拦截和重写来自后端的重定向 - 发送到客户端(并由客户端执行)。https://serverfault.com/a/986034/304842