Accessing a TP-LINK TL-SG1016PE switch through a reverse proxy

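I am trying to access my switch through an Nginx reverse proxy. I can reach the switch over http using its local IP without any problem, but when I try to reach the domain over https through the reverse proxy, I get the login page, and when I enter my credentials and click login, the page times out (error 502). The problem seems to be with the logon.cgi page.

Does anyone know how to configure a reverse proxy correctly for this switch? (I have similar configurations for my TP-Link router and many other services.)

Here is my simple reverse proxy configuration: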

# Redirect all plain-HTTP requests to HTTPS
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl http2;
    server_name switch.example.com;

    ssl_certificate ...
    ssl_certificate_key ...

    access_log /var/log/nginx/switch.access.log;
    error_log  /var/log/nginx/switch.error.log;

    location / {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_buffering off;
        client_max_body_size 0;
        proxy_connect_timeout 3600s;
        proxy_read_timeout 3600s;
        proxy_send_timeout 3600s;
        send_timeout 3600s;

        proxy_set_header X-NginX-Proxy true;

        # Forward everything to the switch's HTTP management interface
        proxy_pass http://192.168.1.2;
        proxy_redirect http://192.168.1.2 https://switch.example.com;
    }
}

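I tried debugging with the browser dev tools, but I really don't understand what is going wrong. Using a hard DNS mapping from switch.example.com to 192.168.1.2 works, and here is what I see in the dev tools for the login script: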

Request URL: http://switch.example.com/logon.cgi
Request Method: POST
Status Code: 200 OK
Remote Address: 192.168.1.2:80
Referrer Policy: strict-origin-when-cross-origin
Connection: close
Content-Type: text/html
Transfer-Encoding: chunked
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Accept-Encoding: gzip, deflate
Accept-Language: en-US,en;q=0.9
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 53
Content-Type: application/x-www-form-urlencoded
Host: switch.example.com
Origin: http://switch.example.com
Referer: http://switch.example.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36 OPR/87.0.4390.45

However, when I try to access the switch through the reverse proxy (with a CNAME set up pointing to my nginx server), this is what I see:

Request URL: https://switch.example.com/logon.cgi
Referrer Policy: strict-origin-when-cross-origin
:authority: switch.example.com
:method: POST
:path: /logon.cgi
:scheme: https
accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
accept-encoding: gzip, deflate, br
accept-language: en-US,en;q=0.9
cache-control: max-age=0
content-length: 53
content-type: application/x-www-form-urlencoded
origin: https://switch.example.com
referer: https://switch.example.com/
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="101", "Opera";v="87"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
sec-fetch-dest: document
sec-fetch-mode: navigate
sec-fetch-site: same-origin
sec-fetch-user: ?1
upgrade-insecure-requests: 1
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.67 Safari/537.36 OPR/87.0.4390.45

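Also, when I log in successfully using the local IP address (http://192.168.1.2), I captured the request with Wireshark: Wireshark screenshot (sorry, not enough links)

Looking at the Nginx error log, I see that the error from the reverse proxy is a timeout error: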

2022/06/10 16:53:54 [error] 3630#3630: *29 upstream timed out (110: Unknown error) while reading response header from upstream, client: 192.168.1.123, server: switch.example.com, request: "POST /logon.cgi HTTP/2.0", upstream: "http://192.168.1.2:80/logon.cgi", host: "switch.example.com", referrer: "https://switch.example.com/"

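Answer 1

If your use case is similar to mine, here is my docker-compose solution for putting a TP-Link switch behind an Nginx proxy. You can use the files in that project to try it out quickly.

Here is a quick view of the configuration: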

        gzip off;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header Cookie $http_cookie;
        proxy_set_header Referer https://switch1.my.home/;
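
The two dev-tools captures in the question can be compared mechanically to see which request headers change between the direct login and the proxied one. The following is an added example, not code from the question or the answer; the function names are hypothetical and the sample inputs are abridged from the captures above.

```python
# Added example: diff the request headers of two browser dev-tools captures.

PSEUDO = {":authority": "host"}   # HTTP/2 pseudo-header -> HTTP/1.1 name
SKIP = {":method", ":path"}       # request-line parts, not headers
# Constructed samples, abridged from the two captures in the question.
DIRECT = """
Accept-Encoding: gzip, deflate
Connection: keep-alive
Host: switch.example.com
Origin: http://switch.example.com
Referer: http://switch.example.com/
"""
PROXIED = """
:authority: switch.example.com
:method: POST
:path: /logon.cgi
accept-encoding: gzip, deflate, br
origin: https://switch.example.com
referer: https://switch.example.com/
sec-fetch-site: same-origin
"""


def parse_headers(capture):
    """Parse 'name: value' lines into a dict keyed by lower-cased name."""
    headers = {}
    for line in capture.strip().splitlines():
        # Search from index 1 so the leading ':' of a pseudo-header is kept.
        idx = line.find(":", 1)
        name = line[:idx].strip().lower()
        if idx != -1 and name not in SKIP:
            headers[PSEUDO.get(name, name)] = line[idx + 1:].strip()
    return headers


def diff_headers(direct, proxied):
    """Report headers present on one side only and headers whose values differ."""
    both = sorted(set(direct) & set(proxied))
    return {
        "only_direct": sorted(set(direct) - set(proxied)),
        "only_proxied": sorted(set(proxied) - set(direct)),
        "changed": {k: (direct[k], proxied[k]) for k in both if direct[k] != proxied[k]},
    }


if __name__ == "__main__":
    for key, val in diff_headers(parse_headers(DIRECT), parse_headers(PROXIED)).items():
        print(key, val)
```

These are the headers the browser sends to whichever server it reaches; what nginx then forwards to the switch can differ again, so a capture on the upstream side shows what the switch actually receives.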
