我正在尝试在 docker 下使用 nginx 设置反向代理,以便能够通过不同的location
指令访问“后端”设备(nas 登录页面、路由器登录页面),proxy_pass
但我无法弄清楚。我的实际 *.conf(使用特定的 apps.conf)
server {
listen 80;
server_name DDNS_NAME LOCAL_DOCKER_HOST;
location / {
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
access_log /var/log/nginx/access_log.txt;
error_log /var/log/nginx/error_log.txt;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS +RC4 RC4";
server_name DDNS_NAME LOCAL_DOCKER_HOST;
ssl_certificate xxx;
ssl_certificate_key xxx;
location / {
proxy_pass http://LOCAL_DOCKER_HOST:9000/; #portainer
}
location /NAS {
proxy_pass http://NAS_LOCAL; #nas webUI
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
工作location /
效率达到了 95%,因为它实际上加载了 Portainer 接口,但是我无法在其中建立控制台连接,似乎 Portainer 在连接到容器的控制台时使用了不同的端口/套接字/其他东西...无论如何,没有它我也可以生存。
该死的是location /NAS
...这是一个curl -L DDNS_NAME/NAS -vvvv
> GET /NAS HTTP/1.1
> Host: DDNS_NAME
> User-Agent: curl/7.68.0
> Accept: */*
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* Mark bundle as not supporting multiuse
< HTTP/1.1 302 Found
< Server: nginx/1.19.5
< Date: Tue, 01 Dec 2020 16:23:02 GMT
< Content-Type: text/html; charset=iso-8859-1
< Content-Length: 212
< Connection: keep-alive
< Location: /r51201,/desktop,/login.html
<
* Ignoring the response-body
* Connected to DDNS_NAME (PUBLIC_IP) port 443 (#1)
> GET /r51201,/desktop,/login.html HTTP/1.1
> Host: DDNS_NAME
> User-Agent: curl/7.68.0
> Accept: */*
>
* Mark bundle as not supporting multiuse
< HTTP/1.1 404 Not Found
< Server: nginx/1.19.5
< Date: Tue, 01 Dec 2020 16:23:02 GMT
< Content-Type: text/plain; charset=utf-8
< Content-Length: 19
< Connection: keep-alive
< Cache-Control: max-age=31536000
< X-Content-Type-Options: nosniff
< X-Xss-Protection: 1; mode=block
<
404 page not found
它从正确的设备获得答案(因此初始代理有效),因为它被重定向到,*/r51201,/desktop,/login.html
但浏览器(或 curl -L)尝试从加载资源DDNS_NAME/r51201,/desktop,/login.html
,当然我得到了 404。我为此奋斗了数周,尝试了无限多种 proxy_set_header 组合,但也许我找不到正确的组合。
当然,我调整了输出以隐藏个人信息,我想联系多个人location
,但所有人都这样做,所以我只报告了一个
提前致谢