nginx proxy_pass: port 3000 is redirected to 80. The configuration is the same as for other ports


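I have the following situation:

Service A

Service A is available at host:8080

I have configured a reverse proxy in nginx so that servicea.domain resolves to host:8080

Here is my configuration file (location: /etc/nginx/sites-available/servicea):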


server {
    listen 80;
    listen [::]:80;

    server_name servicea.domain.com;

    location / {
        proxy_pass http://host:8080/admin/;
        include proxy_params;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 90;
        proxy_set_header X-Forwarded-Proto $scheme;

        set $xforwardedssl "off";
        if ($scheme = https) {
            set $xforwardedssl "on";
        }
    }
}

Service B

I want to do the same for service B (Grafana). It is available at host:3000. My nginx config at /etc/nginx/sites-available/serviceb looks like this:


server {
    listen 80;
    listen [::]:80;

    server_name serviceb.domain.com;

    location / {
        proxy_pass http://host:3000/;
        include proxy_params;

        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 90;
        proxy_set_header X-Forwarded-Proto $scheme;

        set $xforwardedssl "off";
        if ($scheme = https) {
            set $xforwardedssl "on";
        }
    }
}

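  • Both files are symlinked into /etc/nginx/sites-enabled/
  • Nginx starts successfully, without errors.
  • Everything works fine when calling servicea.domain
  • When I call serviceb.domain, I get a 400 error code in the browser.

When I load the page with wget, I see that it does not actually resolve to host:3000, but to host:80.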


╰─$ wget serviceb.domain.com
Will not apply HSTS. The HSTS database must be a regular and non-world-writable file.
ERROR: could not open HSTS store at '/home/config/.wget-hsts'. HSTS will be disabled.
--2024-04-08 12:17:00--  http://serviceb.domain.com/
Resolving serviceb.domain.com (serviceb.domain.com)... 10.25.25.34
Connecting to serviceb.domain.com (serviceb.domain.com)|10.25.25.34|:80... connected.
HTTP request sent, awaiting response... 400 Bad Request
2024-04-08 12:17:03 ERROR 400: Bad Request.

Why is that? My configuration is 1:1 the same? To show that the configurations are the same, here is the output of diff:


╰─$ diff serviceb servicea
5c5
<     server_name servicea.domain.com;
---
>     server_name serviceb.domain.com;
8c8
<         proxy_pass http://host:8080/admin/;
---
>         proxy_pass http://host:3000/;

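Can someone give me a hint as to where I can find settings that override the reverse proxy or affect name resolution? Let me know if you need more information.

Thanks in advance!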

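Answer 1

Never mind. The problem has been solved.

One clarification here:

  • Port 80 in the wget command is just the port requested on the reverse proxy, which is as it should be.
  • Something was wrong with the configuration file. In the meantime, however, a lot has changed.

This is the configuration we currently use; it works for anyone accessing this site over the internet.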

Service-a


#########################################################################################
# Service A --> /etc/nginx/conf.d/service-a.conf

server {
    server_name service-a.domain.tld;

    location / {
        proxy_pass http://host-a:8080;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 90;
        proxy_set_header X-Forwarded-Proto $scheme;
        set $xforwardedssl "off";
        if ($scheme = https) {
            set $xforwardedssl "on";
        }
        proxy_set_header X-Forwarded-Ssl $xforwardedssl;
    }

    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = service-a.domain.tld:8080) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name service-a.domain.tld;
    return 404;
}

Service-b (Grafana)


#########################################################################################
# Service B (Grafana) /etc/nginx/conf.d/service-b.conf

server {
    server_name service-b.domain.tld;

    location / {
        proxy_pass http://host-a:3000;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-Host $server_name;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_read_timeout 90;
        proxy_set_header X-Forwarded-Proto $scheme;
        set $xforwardedssl "off";
        if ($scheme = https) {
            set $xforwardedssl "on";
        }
        proxy_set_header X-Forwarded-Ssl $xforwardedssl;
    }

    listen [::]:443 ssl;
    listen 443 ssl;
    ssl_certificate /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
}

server {
    if ($host = service-b.domain.tld:3000) {
        return 301 https://$host$request_uri;
    }

    listen 80;
    listen [::]:80;
    server_name service-b.domain.tld;
    return 404;
}

Here is the modified part of /etc/grafana/grafana.ini


#################################### Server ####################################
[server]
# Protocol (http, https, h2, socket)
protocol = https

# The ip address to bind to, empty will bind to all interfaces
http_addr =

# The http port  to use
http_port = 3000

# The public facing domain name used to access grafana from a browser
domain = domain.tld

# Redirect to correct domain if host header does not match domain
# Prevents DNS rebinding attacks
enforce_domain = false

# The full public facing url you use in browser, used for redirects and emails
# If you use reverse proxy and sub path specify full url (with sub path)
;root_url = %(protocol)s://%(domain)s:%(http_port)s/
root_url = https://subdomain.domain.tld:3000


# https certs & key file
cert_file = /etc/grafana/grafana.crt
cert_key = /etc/grafana/grafana.key


For more information about Grafana, see the original post
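
Added example, not part of the answer above and not the answerer's configuration: a variant of the service-b file in which the port-80 server redirects unconditionally, because nginx's $host variable never contains a port, so a comparison against service-b.domain.tld:3000 cannot match and plain-HTTP requests fall through to the 404. It assumes Grafana serves TLS on host-a:3000, as protocol = https in the grafana.ini excerpt implies, which is why the upstream scheme is https://.

```nginx
# Added example: /etc/nginx/conf.d/service-b.conf (variant, not the original file)

# Plain HTTP: send every request for this name to HTTPS.
# No "if" on $host is needed; server_name already selects this block,
# and $host holds only the host name, never "name:port".
server {
    listen 80;
    listen [::]:80;
    server_name service-b.domain.tld;
    return 301 https://$host$request_uri;
}

server {
    listen 443 ssl;
    listen [::]:443 ssl;
    server_name service-b.domain.tld;

    ssl_certificate     /etc/letsencrypt/live/domain.tld/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/domain.tld/privkey.pem;
    include             /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam         /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        # The scheme here has to match [server] protocol in grafana.ini.
        # Assumption: protocol = https, so the upstream speaks TLS on 3000.
        # With protocol = http this line would be http://host-a:3000.
        # Note: nginx does not verify the upstream certificate unless
        # proxy_ssl_verify is switched on.
        proxy_pass https://host-a:3000;

        proxy_set_header Host              $host;
        proxy_set_header X-Forwarded-Host  $server_name;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        # This server only listens with "ssl", so the value is constant
        # and the set/if pair is not required.
        proxy_set_header X-Forwarded-Ssl   on;
        proxy_read_timeout 90;
    }
}
```

After reloading, `nginx -T` prints the full effective configuration, which shows whether another file or include defines a competing server block for the same name.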
