I am setting up an https connection to a WAR application running on Tomcat (localhost:8080/myApp).
It contains an Angular and a Java application. I created the nginx config below after looking at some similar questions here and here:
```nginx
server {
    if ($https = "") {
        return 301 https://$host$request_uri;
    }
    listen 80;
    server_name my.app.com www.my.app.com;
    return 404;
}

server {
    server_name my.app.com www.my.app.com;
    access_log /var/log/nginx/expertry-access.log;
    error_log /var/log/nginx/expertry-error.log;

    location / {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-Host $host;
        proxy_pass http://localhost:8080/myApp/;
    }

    location /myApp/min {
        alias /var/www/httpdocs/my.app.com/myApp/src/main/resources/static/min/;
    }

    location /assets/ {
        alias /var/www/httpdocs/my.app.com/myApp/src/main/resources/static/assets/;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/app.expertry.de/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.app.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
```
The problem is that the my.app.com/login page works fine, but after submitting the login form with some credentials there is a 302 redirect back to the same page with no response body, and nothing happens on the BE or in the Angular part.
Where is the mistake? Do some headers need to be reconfigured, or is it something else?
Logs: the 302 from the Network tab
```text
Request URL: https://my.app.com/login
Request Method: POST
Status Code: 302 Found
Remote Address: 5.189.249.46:64062
Referrer Policy: strict-origin-when-cross-origin

Response headers:
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Connection: keep-alive
Content-Length: 0
Date: Mon, 25 Mar 2024 13:39:59 GMT
Expires: 0
Location: https://my.app.com/login
Pragma: no-cache
Server: nginx/1.18.0 (Ubuntu)
Set-Cookie: JSESSIONID=99630EAB249FF4578E12809749C2C72F; Path=/myApp; HttpOnly
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Xss-Protection: 1; mode=block

Request headers:
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,uk;q=0.6
Cache-Control: max-age=0
Connection: keep-alive
Content-Length: 68
Content-Type: application/x-www-form-urlencoded
Cookie: _ga=GA1.2.1925035569.1710852928; _gid=GA1.2.2111176261.1711364383; _gat=1; _ga_K42MQL5WDW=GS1.2.1711373521.7.1.1711373994.0.0.0
Host: my.app.com
Origin: https://my.app.com
Referer: https://my.app.com/login
Sec-Ch-Ua: "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"
Sec-Ch-Ua-Mobile: ?0
Sec-Ch-Ua-Platform: "Windows"
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
```
Payload: [image]
Then the 200 OK:
```text
Request URL: https://my.app.com/login
Request Method: GET
Status Code: 200 OK
Remote Address: 5.189.249.46:64062
Referrer Policy: strict-origin-when-cross-origin

HTTP/1.1 200
Server: nginx/1.18.0 (Ubuntu)
Date: Mon, 25 Mar 2024 13:39:59 GMT
Content-Type: text/html;charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
X-Frame-Options: DENY
X-Application-Context: application:prod,git:443
Set-Cookie: JSESSIONID=3055B06B41BDEF5F8BEC05C36279A927; Path=/myApp; HttpOnly
Content-Language: ru-RU
Content-Encoding: gzip

GET /login HTTP/1.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
Accept-Encoding: gzip, deflate, br, zstd
Accept-Language: ru-RU,ru;q=0.9,en-US;q=0.8,en;q=0.7,uk;q=0.6
Cache-Control: max-age=0
Connection: keep-alive
Cookie: _ga=GA1.2.1925035569.1710852928; _gid=GA1.2.2111176261.1711364383; _gat=1; _ga_K42MQL5WDW=GS1.2.1711373521.7.1.1711373994.0.0.0
Host: my.app.com
Referer: https://my.app.com/login
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: same-origin
Sec-Fetch-User: ?1
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/122.0.0.0 Safari/537.36
sec-ch-ua: "Chromium";v="122", "Not(A:Brand";v="24", "Google Chrome";v="122"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Windows"
```
UPD: Locally I tested the application with curl and got a normal response, without any 302 loop, only that the login and password were incorrect.
UPD2: Because of my experiments I removed all changes in server.xml, and now the redirect loop problem has gone, but the problem itself still exists.
UPD3: To check from the browser I used this code snippet, and the login page works fine:
```javascript
// Build the same multipart form the login page submits and POST it from the console.
let formData = new FormData();
formData.append('_csrf:', 'c7db50b5-a653-4f67-8b73-7d79adc52da73');
formData.append('userName', 'sdasd');
formData.append('password', 'sdasd');
formData.append('remember', 'on');
fetch("/login",
{
    body: formData,
    method: "post"
})
```
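One detail worth checking in the captured exchange above: the 302 response sets `JSESSIONID=...; Path=/myApp`, while the browser is navigating `https://my.app.com/login`, and the follow-up `GET /login` carries only the `_ga*` cookies. A browser only sends a cookie on requests whose path lies under the cookie's `Path`, so a session cookie scoped to `/myApp` is never returned to `/login` once nginx has stripped the `/myApp/` prefix from the public URLs. The example below is an added illustration, not code from the original question; it reproduces that path-scoping rule with Python's standard `http.cookiejar` on constructed headers modeled on the log, and shows the effect of rewriting the cookie path at the proxy. The `FakeResponse`, `simulate_login` and `rewrite_cookie_path` names are mine, not part of any library.

```python
"""Added example: why a cookie issued with Path=/myApp is never sent on /login.

Uses the standard-library cookie jar, which applies the same path-scoping
rule a browser does, on headers constructed to mirror the question's log.
"""
from email.message import Message
from http.cookiejar import CookieJar
from urllib.request import Request


class FakeResponse:
    """Minimal stand-in for an HTTP response; CookieJar only needs .info()."""

    def __init__(self, set_cookie_values):
        self._headers = Message()
        for value in set_cookie_values:
            self._headers["Set-Cookie"] = value  # Message keeps repeated headers

    def info(self):
        return self._headers


def cookie_header_for(jar, url):
    """Return the Cookie header the jar would attach to a GET of url, or None."""
    req = Request(url)
    jar.add_cookie_header(req)
    return req.get_header("Cookie")


def simulate_login(set_cookie, login_url="https://my.app.com/login",
                   next_url="https://my.app.com/login"):
    """Store the cookie from a POST to login_url, then report what is sent to next_url."""
    jar = CookieJar()
    post = Request(login_url, data=b"userName=x&password=y", method="POST")
    jar.extract_cookies(FakeResponse([set_cookie]), post)
    return cookie_header_for(jar, next_url)


def rewrite_cookie_path(set_cookie, old_prefix, new_path):
    """Rewrite the Path attribute of one Set-Cookie value, prefix-style,
    the way a reverse proxy's cookie-path rewrite does (hypothetical helper)."""
    out = []
    for attr in (a.strip() for a in set_cookie.split(";")):
        name, _, value = attr.partition("=")
        if name.lower() == "path" and value.startswith(old_prefix):
            rest = value[len(old_prefix):].lstrip("/")
            attr = "Path=" + new_path.rstrip("/") + "/" + rest
        out.append(attr)
    return "; ".join(out)


# Constructed to match the Set-Cookie from the question's 302 response.
TOMCAT_COOKIE = "JSESSIONID=99630EAB249FF4578E12809749C2C72F; Path=/myApp; HttpOnly"
# The same cookie after the context-path prefix is rewritten to "/".
REWRITTEN_COOKIE = "JSESSIONID=99630EAB249FF4578E12809749C2C72F; Path=/; HttpOnly"


if __name__ == "__main__":
    # As captured: cookie scoped to /myApp, browser on /login -> nothing sent.
    print("Path=/myApp, next GET /login        :", simulate_login(TOMCAT_COOKIE))
    # Same cookie would be sent if the public URL still carried /myApp/.
    print("Path=/myApp, next GET /myApp/login  :",
          simulate_login(TOMCAT_COOKIE, next_url="https://my.app.com/myApp/login"))
    # After rewriting the path at the proxy, /login gets the session cookie.
    fixed = rewrite_cookie_path(TOMCAT_COOKIE, "/myApp", "/")
    print("rewritten header                    :", fixed)
    print("Path=/, next GET /login             :", simulate_login(fixed))
```

Because `proxy_pass http://localhost:8080/myApp/` removes the context path from the public URL but not from the `Set-Cookie` Tomcat emits, the rewrite above is what nginx's `proxy_cookie_path` directive does at the proxy (for example `proxy_cookie_path /myApp /;` inside the `location /` block); the `proxy_set_header` lines in the config do not affect cookie scope. The alternative is to stop the mismatch at the source, by deploying the WAR at the root context or configuring the session cookie path in Tomcat, so the cookie is issued with a `Path` that covers the URLs the browser actually visits.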