我正在运行 Redis 以用于 Rails 和 Action Cable。它们都位于 Nginx 反向代理后面。目前,每当连接到 Redis 时,我都会得到
# Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
这可能是 Nginx 设置导致的吗?如果是,则配置如下:
server {
server_name "###";
location / { proxy_pass http://127.0.0.1:3000; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
location /cable { proxy_pass http://127.0.0.1:6379;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/###/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/###/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = ###) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name "###";
return 404; # managed by Certbot
}