问题[nginx](server)

目标

使用 Nginx Web 服务器，运行独立的 Node.js 应用程序，该应用程序响应 API 调用来提供动态页面（例如../tempestvue/.next/standalone/.next/server/app/api/weather/route.js）。

问题

通过 运行 Node.js 服务器时pm2，Nginx 配置仅提供来自项目的静态页面；没有流量到达服务器curl。通过或 浏览器结果相同。

此外，在浏览器中检查页面Dev Tools->Network Tab，我发现如下路径出现 404 错误：https://www.westwindwebworks.com/tempestvue/_next/static/chunks/webpack-d8cdd8b109dd43bc.js。

我该如何更新配置以达到 404 资产？

更新：最终版

正在直播，请点击此处观看！

归根结底，问题主要在于如何构建独立应用。要为独立应用提供服务，www.domain.com/tempestvue需要满足以下三个条件：

1. 具有next.config.mjs：

   1. output: "standalone",
   2. basePath: "/tempestvue",
   3. trailingSlash: true,

2. 构建后的目录结构如下：

   .next/
     standalone/
       .next/           
       node_modules/    # Minimal set of dependencies for the app
       .env.production  # Server-side variables
       package.json     # Contains dependencies required to run the app
       server.js        # The entry point for the Node.js server
       static/          # Static assets copied here during build process
   public/              # Public directory added to build.tar.gz
   

   这是通过以下构建命令完成的：

   "build:release": "NODE_ENV=production next build && cp -r .next/static .next/standalone/.next/static && npm run release && tar --exclude=.git -czf build.tar.gz .next/standalone public",

3. 用于代理应用程序正在监听的端口的服务器位置配置块。

    # ------------------------------
    # Add a location block for TempestVue
    # ------------------------------
    location /tempestvue/ {
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect default;
        proxy_http_version 1.1;

        # Recommended proxy headers:
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host $host;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection 'upgrade';
    }

之后，我使用 GitHub 操作将 复制并解压build.tar.gz到背景部分下面注明的目录结构中，然后使用server.js启动pm2。

最后，服务器的目录结构不需要像接受的答案中所设想的那样进行调整。

（非常感谢@Ivan Shatsky 帮助解决这个问题！）

更新 1：

在生产中，浏览器到达public目录，似乎正在寻找同一级别的 server.js，但实际上它正在下一级目录运行： /home/ec2-user/tempestvue/releases/20250128-013558/.next/standalone/server.js

是否https://www.westwindwebworks.com/tempestvue/_next/static/css/79b4bd61dccf868b.css返回 404，因为该资产的真实路径是：https://www.westwindwebworks.com/tempestvue/_next/stanalone/static/css/79b4bd61dccf868b.css？

basePath 和next.config.mjs

import dotenv from "dotenv";
import path from "path";

const isProd = process.env.NODE_ENV === "production";
/**
 * @type {import('next').NextConfig}
 */
const nextConfig = {
  basePath: isProd ? "/tempestvue" : "", // Adjust basePath for production
  trailingSlash: true, // Recommended for apps with a basePath
  //reactStrictMode: false, // Disable React strict mode

  env: {
    BASE_PATH: process.env.BASE_PATH,
    NEXT_PUBLIC_BASE_PATH: process.env.NEXT_PUBLIC_BASE_PATH,
    REACT_APP_BASE_PATH: process.env.REACT_APP_BASE_PATH,
  },

  webpack: (config) => {
    config.optimization.minimize = false; // Ensure no minification
    config.externals = [...config.externals, { canvas: "canvas" }]; // Required for Chart.js
    return config;
  },
};

// Determine the environment file
const envFile =
  process.env.NODE_ENV === "production" ? ".env.production" : ".env.local";
console.log(`Using environment file: ${envFile}`);

// Load .env.production or .env.local
dotenv.config({ path: path.resolve(process.cwd(), envFile) });

export default {
  ...nextConfig,
  output: "standalone",
  env: {
    ...Object.keys(process.env)
      .filter((key) => key.startsWith("NEXT_PUBLIC_")) // Only public variables are included
      .reduce((env, key) => {
        env[key] = process.env[key];
        return env;
      }, {}),
  },
};

背景

在部署服务器上，目录结构使用根项目文件夹中的单个符号链接/tempestvue指向当前版本。

/home/ec2-user/
          └── tempestvue
              ├── 20250127-031305 -> /home/ec2-user/tempestvue/releases/20250127-031305
              │   ├── ._public
              │   ├── .next
              │   │   ├── ._standalone
              │   │   ├── ._static
              │   │   ├── standalone
              │   │   └── static
              │   └── public
              │       ├── ._TempestVue.png
              │       ├── ._apple-icon copy.png
              │       ├── ._favicon.svg
              │       ├── ._globals.css
              │       ├── ._icon.png
              │       ├── ._manifest.json
              │       ├── TempestVue.png
              │       ├── apple-icon copy.png
              │       ├── favicon.svg
              │       ├── globals.css
              │       ├── icon.png
              │       └── manifest.json
              └── releases
                  ├── 20250126-011024
                  │   └── .next
                  ├── 20250126-202835
                  │   └── .next
                  ├── 20250126-220617
                  │   └── .next
                  ├── 20250126-231144
                  │   └── .next
                  └── 20250127-031305
                      ├── ._public
                      ├── .next
                      └── public

部署

Node.js 服务器通过这里运行pm2： /home/ec2-user/tempestvue/releases/20250127-031305/.next/standalone/server.js

服务器配置

注意：已编辑以反映当前使用的版本。

# Main server block for www
server {
    server_name www.westwindwebworks.com;
    root         /usr/share/nginx/html;


    # ------------------------------
    # Add a location block for TempestVue
    # ------------------------------
    location /tempestvue/ {
        proxy_pass http://127.0.0.1:3000;
        proxy_redirect default;
        proxy_http_version 1.1;

        # Recommended proxy headers:
        proxy_set_header   X-Real-IP $remote_addr;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   Host $host;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection 'upgrade';
    }

    # Load configuration files for the default server block.
    # include /etc/nginx/default.d/*.conf;

    error_page 404 /404.html;
    location = /404.html {
    }

    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
    }

    ...HTTPS stuff...
}

测试

[ec2-user@ip-172-31-24-45 tempestvue]$ curl -i https://www.westwindwebworks.com/tempestvue/ | html-beautify从项目返回一个静态页面：

注意：为简洁起见，已编辑，完整回复位于帖子末尾。

  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 13307    0 13307    0     0  94041      0 --:--:-- --:--:-- --:--:-- 95050
HTTP/1.1 404 Not Found
Server: nginx/1.26.2
Date: Mon, 27 Jan 2025 12:39:03 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Cache-Control: private, no-cache, no-store, max-age=0, must-revalidate
Vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch, Next-Router-Segment-Prefetch, Accept-Encoding
X-Powered-By: Next.js

<!DOCTYPE html>
<html lang="en" class="dark">

<head>
    <meta charSet="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <link rel="stylesheet" href="/tempestvue/_next/static/css/79b4bd61dccf868b.css" data-precedence="next" />
    <link rel="preload" as="script" fetchPriority="low" href="/tempestvue/_next/static/chunks/webpack-d8cdd8b109dd43bc.js" />
    <script src="/tempestvue/_next/static/chunks/4bd1b696-1aaacd546f10f1e9.js" async=""></script>
    <script src="/tempestvue/_next/static/chunks/517-2fa7b8a64c116b65.js" async=""></script>
    <script src="/tempestvue/_next/static/chunks/main-app-dae125d39e3a4f3f.js" async=""></script>
    <meta name="robots" content="noindex" />
    <link rel="shortcut icon" href="/icon.png" />
    <link rel="apple-touch-icon" href="/apple-icon.png" />
    <link rel="icon" type="image/png" sizes="32x32" href="/icon.png" />
    <title>404: This page could not be found.</title>
    <title>TempestVue</title>
    <meta name="description" content="Real-time weather visualization dashboard." />
    <link rel="manifest" href="/manifest.json" />
    <meta property="og:title" content="Tempest Weather | Sand Hills Beach, Scituate, MA" />
    <meta property="og:description" content="Real-time weather conditions and forecast for Sand Hills Beach, Scituate, MA" />
    <meta property="og:url" content="https://www.westwindwedworks.com/tempestvue/" />
    <meta property="og:site_name" content="Tempest Weather" />
    <meta property="og:locale" content="en_US" />
    <meta property="og:image" content="https://www.westwindwedworks.com/tempestvue/og-image.png" />
    <meta property="og:image:width" content="1200" />
    <meta property="og:image:height" content="630" />
    <meta property="og:type" content="website" />
    <meta name="twitter:card" content="summary_large_image" />
    <meta name="twitter:title" content="Tempest Weather | Sand Hills Beach, Scituate, MA" />
    <meta name="twitter:description" content="Real-time weather conditions and forecast for Sand Hills Beach, Scituate, MA" />
    <meta name="twitter:image" content="https://www.westwindwedworks.com/tempestvue/og-image.png" />
    <meta name="twitter:image:width" content="1200" />
    <meta name="twitter:image:height" content="630" />
    <link rel="shortcut icon" href="/icon.png" />
    <link rel="icon" href="/favicon-16x16.png" sizes="16x16" type="image/png" />
    <link rel="icon" href="/favicon-32x32.png" sizes="32x32" type="image/png" />
    <link rel="icon" href="/favicon-48x48.png" sizes="48x48" type="image/png" />
    <link rel="apple-touch-icon" href="/apple-icon.png" sizes="180x180" type="image/png" />
    <link rel="stylesheet" href="https://unpkg.com/[email protected]/dist/leaflet.css" integrity="sha256-p4NxAoJBhIIN+hmNHrzRCf9tD/miZyoHS5obTRR9BMY=" crossorigin="" />
    <script src="/tempestvue/_next/static/chunks/polyfills-42372ed130431b0a.js" noModule=""></script>
</head>
<body>
  ...
</body>

如果 URL 不正确，~]$ curl -i https://www.westwindwebworks.com/tempestvu/ | html-beautify则会从 Web 根目录返回通用 Nginx 404 页面/usr/share/nginx/html：

[ec2-user@ip-172-31-24-45 ~]$ curl -i https://www.westwindwebworks.com/tempestvu/ | html-beautify
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100  3650  100  3650    0     0  32791      0 --:--:-- --:--:-- --:--:-- 32882
HTTP/1.1 404 Not Found
Server: nginx/1.26.2
Date: Mon, 27 Jan 2025 12:57:47 GMT
Content-Type: text/html
Content-Length: 3650
Connection: keep-alive
ETag: "6793f381-e42"

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN" "http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en">

<head>
    <title>The page is not found</title>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
    <style type="text/css">
    ...
    </style>
</head>

<body>
    <h1><strong>nginx error!</strong></h1>

    <div class="content">

        <h3>The page you are looking for is not found.</h3>
        ....
    </div>
</body>

未经编辑的回应，以供进一步调查

<!DOCTYPE html>
<html lang="en" class="dark">

<head>
    <meta charSet="utf-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=0" />
    <meta name="viewport" content="width=device-width, initial-scale=1" />
    <link rel="stylesheet" href="/tempestvue/_next/static/css/79b4bd61dccf868b.css" data-precedence="next" />
    <link rel="preload" as="script" fetchPriority="low" href="/tempestvue/_next/static/chunks/webpack-d8cdd8b109dd43bc.js" />
    <script src="/tempestvue/_next/static/chunks/4bd1b696-1aaacd546f10f1e9.js" async=""></script>
    <script src="/tempestvue/_next/static/chunks/517-2fa7b8a64c116b65.js" async=""></script>
    <script src="/tempestvue/_next/static/chunks/main-app-dae125d39e3a4f3f.js" async=""></script>
    <meta name="robots" content="noindex" />
    <link rel="shortcut icon" href="/icon.png" />
    <link rel="apple-touch-icon" href="/apple-icon.png" />
    <link rel="icon" type="image/png" sizes="32x32" href="/icon.png" />
    <title>404: This page could not be found.</title>
    <title>TempestVue</title>
    <meta name="description" content="Real-time weather visualization dashboard." />
    <link rel="manifest" href="/manifest.json" />
    <meta property="og:title" content="Tempest Weather | Sand Hills Beach, Scituate, MA" />
    <meta property="og:description" content="Real-time weather conditions and forecast for Sand Hills Beach, Scituate, MA" />
    <meta property="og:url" content="https://www.westwindwedworks.com/tempestvue/" />
    <meta property="og:site_name" content="Tempest Weather" />
    <meta property="og:locale" content="en_US" />
    <meta property="og:image" content="https://www.westwindwedworks.com/tempestvue/og-image.png" />
    <meta property="og:image:width" content="1200" />
    <meta property="og:image:height" content="630" />
    <meta property="og:type" content="website" />
    <meta name="twitter:card" content="summary_large_image" />
    <meta name="twitter:title" content="Tempest Weather | Sand Hills Beach, Scituate, MA" />
    <meta name="twitter:description" content="Real-time weather conditions and forecast for Sand Hills Beach, Scituate, MA" />
    <meta name="twitter:image" content="https://www.westwindwedworks.com/tempestvue/og-image.png" />
    <meta name="twitter:image:width" content="1200" />
    <meta name="twitter:image:height" content="630" />
    <link rel="shortcut icon" href="/icon.png" />
    <link rel="icon" href="/favicon-16x16.png" sizes="16x16" type="image/png" />
    <link rel="icon" href="/favicon-32x32.png" sizes="32x32" type="image/png" />
    <link rel="icon" href="/favicon-48x48.png" sizes="48x48" type="image/png" />
    <link rel="apple-touch-icon" href="/apple-icon.png" sizes="180x180" type="image/png" />
    <link rel="stylesheet" href="https://unpkg.com/[email protected]/dist/leaflet.css" integrity="sha256-p4NxAoJBhIIN+hmNHrzRCf9tD/miZyoHS5obTRR9BMY=" crossorigin="" />
    <script src="/tempestvue/_next/static/chunks/polyfills-42372ed130431b0a.js" noModule=""></script>
</head>
<body class="bg-gradient-to-br from-gray-950 to-gray-900 text-white min-h-screen antialiased">
    <header class="w-full  h-14 md:h-16 lg:h-18  px-2 sm:px-4 md:px-6 lg:px-8  py-2 md:py-2.5 border-b border-white/10  backdrop-blur-md fixed top-0 z-50  bg-gradient-to-r from-blue-400/30 via-purple-400/30 to-blue-400/30">
        <div class="max-w-7xl mx-auto h-full relative">
            <div class="h-full flex items-center justify-center">
                <h1 class="text-lg sm:text-xl md:text-2xl lg:text-3xl xl:text-4xl  font-bold text-center tracking-tight"><span class="weather-text-gradient">TempestVue v1</span></h1>
            </div>
        </div>
    </header>
    <main class="pt-14 md:pt-16 lg:pt-18">
        <div style="font-family:system-ui,&quot;Segoe UI&quot;,Roboto,Helvetica,Arial,sans-serif,&quot;Apple Color Emoji&quot;,&quot;Segoe UI Emoji&quot;;height:100vh;text-align:center;display:flex;flex-direction:column;align-items:center;justify-content:center">
            <div>
                <style>
                    body {
                        color: #000;
                        background: #fff;
                        margin: 0
                    }

                    .next-error-h1 {
                        border-right: 1px solid rgba(0, 0, 0, .3)
                    }

                    @media (prefers-color-scheme:dark) {
                        body {
                            color: #fff;
                            background: #000
                        }

                        .next-error-h1 {
                            border-right: 1px solid rgba(255, 255, 255, .3)
                        }
                    }
                </style>
                <h1 class="next-error-h1" style="display:inline-block;margin:0 20px 0 0;padding:0 23px 0 0;font-size:24px;font-weight:500;vertical-align:top;line-height:49px">404</h1>
                <div style="display:inline-block">
                    <h2 style="font-size:14px;font-weight:400;line-height:49px;margin:0">This page could not be found.</h2>
                </div>
            </div>
        </div>
    </main>
    <script src="/tempestvue/_next/static/chunks/webpack-d8cdd8b109dd43bc.js" async=""></script>
    <script>
        (self.__next_f = self.__next_f || []).push([0])
    </script>
    <script>
        self.__next_f.push([1, "1:\"$Sreact.fragment\"\n2:I[5244,[],\"\"]\n3:I[3866,[],\"\"]\n4:I[6213,[],\"OutletBoundary\"]\n6:I[6213,[],\"MetadataBoundary\"]\n8:I[6213,[],\"ViewportBoundary\"]\na:I[4835,[],\"\"]\n:HL[\"/tempestvue/_next/static/css/79b4bd61dccf868b.css\",\"style\"]\n"])
    </script>

这有点难以描述。我基本上希望 nginx 使用 autoindex 而不是设置的 index.html 文件（如果?listing=trueURI 中有的话）进行响应。

我已经尝试将它放在我的里面location / {...}，以使其没有任何索引可显示：

if ($arg_listing = "true") {
    index =404;
    add_header Content-Type application/json;
    return 200;
}

但这使得 nginx 服务无法启动，因为显然你不能在 if 块内有index或autoindex。我知道 if 块至少可以工作，因为如果我删除 ，就会返回 200 index。

我对使用 nginx 经验不多，所以我不知道该怎么做。以下是完整/etc/nginx/sites-enabled/default配置： https: //pastebin.com/iRiMpCk9

编辑：更改了 Pastebin 链接，因为之前是错误的。

我正在 Fedora 上使用 Podman 在服务前面设置反向代理。问题是当我将位置设置为时，/一切都正常，但当我添加子目录时，/read/我收到不同的错误。
这是 nginx 配置：

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}

http {
    server {
        listen 80 default_server;
        listen [::]:80 default_server;
        error_log  /var/log/nginx/err.log notice;
        access_log  /var/log/nginx/acc.log;

location /read/ {
            proxy_pass http://127.0.0.1:8000/read/;
            proxy_set_header  X-Forwarded-Host 127.0.0.1:8080;
            proxy_set_header  X-Real-IP         $remote_addr;
            proxy_set_header  Host              $host;
            proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header  X-Forwarded-Proto $scheme;
        }
    }
}

以及尝试访问服务时的响应：

curl --noproxy "127.0.0.1" -v http://127.0.0.1:8080/read/
*   Trying 127.0.0.1:8080...
* Connected to 127.0.0.1 (127.0.0.1) port 8080
> GET /read/ HTTP/1.1
> Host: 127.0.0.1:8080
> User-Agent: curl/8.6.0
> Accept: */*
>
< HTTP/1.1 303 See Other
< Server: nginx/1.27.3
< Date: Fri, 24 Jan 2025 21:57:28 GMT
< Content-Length: 0
< Connection: keep-alive
< Cache-Control: private
< Content-Security-Policy: base-uri 'none'; default-src 'self'; font-src 'self'; form-action 'self'; frame-ancestors 'none'; img-src 'self' data:; media-src 'self' data:; object-src 'none'; report-uri http://127.0.0.1:8080/logger/csp-report; script-src 'report-sample' 'nonce-89583bebc2e348ba85f0ef7463e3162c' 'unsafe-inline'; style-src 'report-sample' 'nonce-89583bebc2e348ba85f0ef7463e3162c' 'unsafe-inline'
< Location: http://127.0.0.1:8080/login?r=%2Fread%2F
< Permissions-Policy: interest-cohort=()
< Referrer-Policy: same-origin, strict-origin
< Set-Cookie: sxid=MTczNzc1NTg0OHwwajkzbFhpXzVtc2ZQVnh6bWNJdEllbWlrcm5pVl9Zb1pvZkl1TjN1U1MwZDVNN2ZOQ1F0WHRDT214dTNsY1RPRUl2RHg3UmRlSlB2SVFSWm1UdGQwcm9zSEF1bkFGdVB4dlJpU2p0M1dnPT18HfAf2yi5rBri3VK6LK5cOogYr1mqjogyBFa4Z8BM-2I=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT; Max-Age=0; HttpOnly; SameSite=Lax
< Vary: Accept-Encoding
< X-Content-Type-Options: nosniff
< X-Frame-Options: DENY
< X-Robots-Tag: noindex, nofollow, noarchive
< X-Xss-Protection: 1; mode=block
<
* Connection #0 to host 127.0.0.1 left intact

在网络浏览器中输入 http://127.0.0.1:8080/read/

我有一台有两个以太网端口的服务器，一个端口的 IP 地址为192.168.x.y，另一个端口的 IP 地址不同。该服务器运行 Debian Bookworm 和 nginx 1.22.1。这是我的 nginx 站点配置：

server {
        server_name <hostname>;

        listen 443 ssl;
        listen [::]:443 ssl;

        ssl_certificate <path to cert>
        ssl_certificate_key <path to key>

        location / {
                proxy_bind 192.168.x.y;
                proxy_pass http://192.168.x.y:<port>/;
                proxy_set_header X-Forwarded-For $remote_addr;
        }
}

proxy_bind设置为192.168.x.y，但是运行 的服务的日志http://192.168.x.y:<port>/显示它正在接收来自其他以太网端口 IP 地址的连接。这是一个问题，因为该服务仅配置为信任X-Forwarded-For。192.168.x.y为什么 nginx 会忽略proxy_bind？

编辑：我现在已经重现了这一点，其中代理目标只是一个未修改的 nginx 容器。这清楚地记录了主 nginx 服务正在使用错误的 IP 地址：

<wrong ip> - - [23/Jan/2025:20:42:22 +0000] "GET /index.html HTTP/1.0" 200 615 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:134.0) Gecko/20100101 Firefox/134.0" "<my laptop's ip>"

我在 Ubuntu 24.04 上安装了带有 PHP8 的 LEMP，并且能够托管 WordPress 网站。

我唯一无法弄清楚的是 PHP 错误记录在哪里。

例如我创建了一个 PHP 页面，但出现错误：

<?php

phpinfo1();

?>

当我打开此页面时，浏览器显示以下内容：

没有出现任何错误信息/var/log/php8.3-fpm.log。

我补充道

error_log = /var/log/php8-error-log.log

到/etc/php/8.3/fpm/php.ini：

重新启动 php-fpm 服务

sudo service php8.3-fpm restart

并打开了出现错误的页面，但文件/var/log/php8-error-log.log根本没有创建。

下面我提供了我的phpinfo()：

使用 Synology DSM 7.2.2-72806 Update 2、Docker Container Manager 20.10.23，安装并运行Nginx 官方映像，通过 SSH 访问服务器，我发现 nano/apt/git 不存在。

是否可以构建一个包含 nano、git 和 apt 的新 nginx 服务器映像？如果可以，如何构建？

Nginx 版本 1.27.3，带 bookworm

我认为具有 nginx + ssl + nodered + grafana + mosquitto + influxdb 的 docker 系统很常见，我希望这能够对其他人有所帮助。

我已经完美地运行了 nginx 和 ssl（certbot），如果我访问http://example.com:1880或http://example.com:1880/ui或http://example.com:3000，我可以完美地访问 nodered flows、ui 和 grafana。

但我需要“更多”。

我想要有这样的“子文件夹”：

1. grafana 将转到 example.com/grafana
2. nodered 流程编辑必须转到 example.com/nodered
3. nodered ui（dashboard 或 flowfuse，无论什么）必须转到 example.com

我尝试了数百种配置，编辑 docker-compose.yml、nginx.conf、settings.js 和 grafana.ini，但是......没有运气。

我希望有人能有类似的东西并与我们分享他/她的配置文件。

这些是此时的矿井（我已删除了我的“错误配置尝试”）

server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    location /.well-known/acme-challenge {
        allow all;
        root /var/www/certbot;
    }
    location / {
#        rewrite ^ https://$host$request_uri? permanent;
        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    #STATIC index index.php index.html index.htm;
    #STATIC root /var/www/html;

    server_tokens off; #Disable the Nginx version in headers for security       

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

#linuxserver.io
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # Logs for Nginx access and errors
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location ~ /\.ht { deny all; }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max; log_not_found off; }    
}

Docker-compose.yml

services:
  mosquitto:
    image: eclipse-mosquitto:2
    container_name: mosquitto
    ports:
      - "1883:1883"
      #- "8883:8883"
      #- "9001:9001" # Websocket opcional
    volumes:
      - ./mosquitto-data:/mosquitto
    restart: unless-stopped
    #environment:
    #  - 'TZ='Europe/Brussels'

  influxdb:
    image: influxdb:2.7
    container_name: influxdb
    ports:
      - "8086:8086"
    volumes:
      - ./influxdb-data:/var/lib/influxdb2
      - ./influxdb-config:/etc/influxdb2
    environment:
      - DOCKER_INFLUXDB_INIT_MODE=setup
      - DOCKER_INFLUXDB_INIT_USERNAME=user
      - DOCKER_INFLUXDB_INIT_PASSWORD=password
      - DOCKER_INFLUXDB_INIT_ORG=org
      - DOCKER_INFLUXDB_INIT_BUCKET=buck
      - DOCKER_INFLUXDB_INIT_RETENTION=0
    restart: unless-stopped

  grafana:
    image: grafana/grafana:11.4.0
    container_name: grafana
    ports:
      - "3000:3000"
    volumes:
      - ./grafana-data:/var/lib/grafana
      - ./grafana-config:/etc/grafana
    #user: "0"
    environment:
      - GF_SECURITY_ADMIN_USER=user
      - GF_SECURITY_ADMIN_PASSWORD=password
      #- GF_SERVER_ROOT_URL=https://example.com/grafana
      #- GF_SERVER_DOMAIN=https://example.com/
      #- GF_INSTALL_PLUGINS 
    restart: unless-stopped

  nodered:
    image: nodered/node-red:4.0
    container_name: nodered
    ports:
      - "1880:1880"
    volumes:
      - ./nodered-data:/data
    restart: unless-stopped

  nginx:
    image: nginx:1.27.3-bookworm
    container_name: nginx
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - ./nginx-data:/etc/nginx/conf.d
      - ./nginx-logs:/var/log/nginx
      - ./letsencrypt-data:/etc/letsencrypt
      - ./certbot-data:/var/www/certbot
    depends_on:
      - nodered
      - grafana
      - influxdb
    restart: unless-stopped

  certbot:
    image: certbot/certbot
    container_name: certbot
    depends_on:
      - nginx
    volumes:
      - ./letsencrypt-data:/etc/letsencrypt
      - ./certbot-data:/var/www/certbot
    #restart: unless-stopped
#    command: certonly --webroot --webroot-path=/var/www/certbot/ --email [email protected] --agree-tos --no-eff-email --staging -d example.com
    #command: certonly --webroot --webroot-path=/var/www/certbot/ --email [email protected] --agree-tos --no-eff-email --force-renewal -d example.com

volumes:
  mosquitto-data:
  influxdb-data:
  influxdb-config:
  grafana-data:
  grafana-config:
  nodered-data:
  letsencrypt-data:
  nginx-data:
  certbot-data:

我需要对这些文件进行什么更改/添加？：

1. nodered：docker-compose、nginx 和 settings.js
2. grafana：docker-compose、nginx 和 grafana.ini

多谢。

2025/01/15 19:00 (UTC): 我已经开始使用 grafana 一步一步进行（我认为这更容易）我已经将 docker-compose 更改为：

  grafana:
    image: grafana/grafana:11.4.0
    container_name: grafana
    ports:
      - "3000:3000"
    volumes:
      - ./grafana-data:/var/lib/grafana
      - ./grafana-config:/etc/grafana
    #user: "0"
    environment:
      - GF_SECURITY_ADMIN_USER=user
      - GF_SECURITY_ADMIN_PASSWORD=password
      - GF_SERVER_ROOT_URL=https://example.com/grafana/
      - GF_SERVER_DOMAIN=https://example.com/
      - GF_SERVER_SERVER_FORM_SUB_PATH=true
    restart: unless-stopped

和 nginx.conf：

    # Grafana Dashboard
    location /grafana/ {
        proxy_set_header Host $host;
        proxy_pass http://grafana:3000/;
    }

    # Proxy Grafana Live WebSocket connections.
    location /grafana/api/live/ {
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_pass http://grafana:3000/;
    }

我没有改变 grafana.ini，因为我找到了在 docker-compose 中使用环境变量的更好方法。

我得到了“一些东西”，至少，“grafana”正在回答：

If you're seeing this Grafana has failed to load its application files
This could be caused by your reverse proxy settings.
If you host grafana under a subpath make sure your grafana.ini root_url setting includes subpath. If not using a reverse proxy make sure to set serve_from_sub_path to true.
If you have a local dev build make sure you build frontend using: yarn start, or yarn build.
Sometimes restarting grafana-server can help.
Check if you are using a non-supported browser. For more information, refer to the list of supported browsers .

所以我仍然无法让它工作。

2025/01/15 20:30 (UTC): 在这里我尝试 nodered，最简单的“代理”配置。

我已在 nginx.conf 中添加了此项

    location / {
        proxy_pass http://nodered:1880/;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
#        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
#        proxy_set_header X-Forwarded-Proto $scheme;

#        # WebSocket support
        proxy_http_version 1.1;
#        proxy_cache_bypass  $http_upgrade;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        rewrite ^/(.*) /$1 break;
    }

我尝试了几次对每一行进行注释和取消注释（每次尝试===一行注释或取消注释）

再次查看部分结果。我可以看到 nodered 正在响应，但由于几个静态页面未加载，因此页面为空白。

这些是我在控制台中看到的一些错误：

Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
example.com/:1 Refused to execute script from 'https://example.com/vendor/vendor.js?v=3305aad6c0c6' because its MIME type ('text/html') is not executable, and strict MIME type checking is enabled.Understand this errorAI
monaco-bootstrap.js:1 
        
Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
red.min.js:1 
Failed to load resource: the server responded with a status of 404 ()Understand this errorAI
main.min.js:1 

所以，我再次感到自己很愚蠢。这可能也很容易解决，我已经尝试了我在谷歌上找到的所有方法，并使用了 chatgpt（例如）

再次感谢您的帮助。

2025/01/18 9:00（UTC）：

我继续尝试不同的东西。这次最简单的 grafana 配置仅用于测试 docker-compose 和 nginx 配置。再次没有运气。

    # Grafana Dashboard
    location / {
        proxy_set_header Host $host;
        proxy_pass http://grafana:3000/;
    }

  grafana:
    image: grafana/grafana:latest
    container_name: grafana
    ports:
      - "3000:3000"
    volumes:
      - ./grafana-data:/var/lib/grafana
      - ./grafana-config:/etc/grafana
    #user: "0"
    environment:
      - GF_SECURITY_ADMIN_USER=user
      - GF_SECURITY_ADMIN_PASSWORD=password

并且 grafana.ini 没有从默认的进行修改。

我可以看到有错误的 grafana 网页，并且在控制台、网络选项卡中，我可以看到 chrome 没有加载 css 和 js 文件。

https://example.com/public/build/grafana.dark.722d809dba5a31f57d49.css

我已经检查过这个文件在 grafana 容器内存在，所以我不知道为什么 nginx 没有重定向或找到这个文件。

但是，找到了这个文件： https: //example.com/public/img/grafana_icon.svg

那么 nginx 配置文件中的 js、css 等文件是否存在问题，不是吗？

如果我去（测试）http://example.com:3000文件被正确加载： http://example.com: 3000/public/build/grafana.dark.722d809dba5a31f57d49.css

那么...有什么解决办法吗？

（以防万一，我为这个“简单”测试使用了 nginx.conf 文件:)

server {
    listen 80;
    listen [::]:80;
    server_name example.com;
    location /.well-known/acme-challenge {
        allow all;
        root /var/www/certbot;
    }
    location / {
        rewrite ^ https://$host$request_uri? permanent;
#        return 301 https://$server_name$request_uri;
    }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    server_tokens off; #Disable the Nginx version in headers for security       

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions
    ssl_session_tickets off;

    add_header X-Frame-Options "SAMEORIGIN" always;
    add_header X-XSS-Protection "1; mode=block" always;
    add_header X-Content-Type-Options "nosniff" always;
    add_header Referrer-Policy "no-referrer-when-downgrade" always;
    # Grafana Dashboard
    location / {
        proxy_set_header Host $host;
        proxy_pass http://grafana:3000/;
    }

    # Logs for Nginx access and errors
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    location ~ /\.ht { deny all; }

    location = /favicon.ico { log_not_found off; access_log off; }
    location = /robots.txt { log_not_found off; access_log off; allow all; }
    location ~* \.(css|gif|ico|jpeg|jpg|js|png)$ { expires max; log_not_found off; }    
}

我有一个在 Debian 上运行的 Hetzner 云服务器，我正试图在上面托管一个网站，不幸的是，每次我尝试访问它时，连接都会超时。
我尝试了 Apache2 和 Nginx，并设法将两者设置为可以使用命令（不是 IP，而是域）在服务器上成功访问网站的程度curl [domain]，但在任何其他系统或浏览器上执行相同操作都不起作用，而是超时。以下是命令ufw status：

To                         Action      From
--                         ------      ----
WWW                        ALLOW       Anywhere
22/tcp                     ALLOW       Anywhere
443                        ALLOW       Anywhere
80/tcp                     ALLOW       Anywhere
Nginx Full                 ALLOW       Anywhere
WWW (v6)                   ALLOW       Anywhere (v6)
22/tcp (v6)                ALLOW       Anywhere (v6)
443 (v6)                   ALLOW       Anywhere (v6)
80/tcp (v6)                ALLOW       Anywhere (v6)
Nginx Full (v6)            ALLOW       Anywhere (v6)

域名本身也设置正确，检查其 A 或 AAAA 记录是否指向我的 Hetzner 云的 IP。名称服务器在 Porkbun 上，而不是 Hetzner 上，但据我所知这应该不是问题。
执行 MTR 会产生以下结果（出于隐私原因删除了前几个步骤，但它们没有任何损失）：

|                          Host              -   %  | Sent | Recv | Best | Avrg | Wrst | Last |
|---------------------------------------------------|------|------|------|------|------|------|
|                       decix-gw.hetzner.com -    0 |   81 |   81 |   10 |   11 |   12 |   11 |
|                    core12.nbg1.hetzner.com -    0 |   81 |   81 |   11 |   11 |   12 |   11 |
|            spine16.cloud1.nbg1.hetzner.com -    0 |   81 |   81 |   11 |   11 |   13 |   12 |
|             spine1.cloud1.nbg1.hetzner.com -    0 |   81 |   81 |   11 |   15 |   67 |   26 |
|                         Request timed out. -  100 |   17 |    0 |    0 |    0 |    0 |    0 |
|                      11236.your-cloud.host -    0 |   81 |   81 |   11 |   11 |   12 |   11 |
|static.76.42.203.116.clients.your-server.de -    0 |   81 |   81 |   11 |   12 |   31 |   12 |

我还联系了 Hetzner 支持人员，他们确认他们那边没有问题。

澄清这个问题：我如何确保服务器上的网站可以访问而不会不断超时？

我无法在网上找到有关 nginx 从哪个版本开始将其http_auth_basic_module作为配置选项包含的信息。此外，我该如何启用它？或者我可以从哪里下载模块？

服务器配置：

nginx -V

nginx version: nginx/1.24.0 (Ubuntu)
built with OpenSSL 3.0.13 30 Jan 2024
TLS SNI support enabled
./configure \
--with-cc-opt='-g -O2 -fno-omit-frame-pointer -mno-omit-leaf-frame-pointer -ffile-prefix-map=/build/nginx-DlMnQR/nginx-1.24.0=. -flto=auto -ffat-lto-objects -fstack-protector-strong -fstack-clash-protection -Wformat -Werror=format-security -fcf-protection -fdebug-prefix-map=/build/nginx-DlMnQR/nginx-1.24.0=/usr/src/nginx-1.24.0-2ubuntu7.1 -fPIC -Wdate-time -D_FORTIFY_SOURCE=3' \
--with-ld-opt='-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -Wl,-z,relro -Wl,-z,now -fPIC' \
--prefix=/usr/share/nginx \
--conf-path=/etc/nginx/nginx.conf \
--http-log-path=/var/log/nginx/access.log \
--error-log-path=stderr \
--lock-path=/var/lock/nginx.lock \
--pid-path=/run/nginx.pid \
--modules-path=/usr/lib/nginx/modules \
--http-client-body-temp-path=/var/lib/nginx/body \
--http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
--http-proxy-temp-path=/var/lib/nginx/proxy \
--http-scgi-temp-path=/var/lib/nginx/scgi \
--http-uwsgi-temp-path=/var/lib/nginx/uwsgi \
--with-compat \
--with-debug \
--with-pcre-jit \
--with-http_ssl_module \
--with-http_stub_status_module \
--with-http_realip_module \
--with-http_auth_request_module \
--with-http_v2_module \
--with-http_dav_module \
--with-http_slice_module \
--with-threads \
--with-http_addition_module \
--with-http_flv_module \
--with-http_gunzip_module \
--with-http_gzip_static_module \
--with-http_mp4_module \
--with-http_random_index_module \
--with-http_secure_link_module \
--with-http_sub_module \
--with-mail_ssl_module \
--with-stream_ssl_module \
--with-stream_ssl_preread_module \
--with-stream_realip_module \
--with-http_geoip_module=dynamic \
--with-http_image_filter_module=dynamic \
--with-http_perl_module=dynamic \
--with-http_xslt_module=dynamic \
--with-mail=dynamic \
--with-stream=dynamic \
--with-stream_geoip_module=dynamic

使用 grep 搜索：

nginx -V 2>&1 | grep http_auth_basic_module

结果：

Not found

GitHub - /src/http/modules/ngx_http_auth_basic_module.c

NGINX 配置测试

# info.nginx
location = "/info.nginx" {

    auth_basic           "Administrator's Area";
    auth_basic_user_file /etc/nginx/.htpasswd;

    access_log    off;
    default_type  "application/json; charset=UTF-8";
    return        200 '{"nginx_version":"$nginx_version","time":{"time_iso8601":"$time_iso8601","time_local":"$time_local","msec":"$msec"},"remote":{"remote_addr":"$remote_addr","remote_port":"$remote_port"},"host":{"host":"$host","hostname":"$hostname"},"server":{"server_addr":"$server_addr","server_name":"$server_name","server_port":"$server_port","server_protocol":"$server_protocol"},"request":{"request_time":"$request_time","request_method":"$request_method","request_uri":"$request_uri","request_filename":"$request_filename","uri":"$uri","query_string":"$query_string","realpath_root":"$realpath_root"},"document":{"document_root":"$document_root","document_uri":"$document_uri"}}';
}

我正在尝试使用Nginx为我的Ubuntu服务器设置Https。我在 localhost 上运行一个应用程序并使用反向代理。这是我第一次使用 Linux 和 nginx。我的 https 请求每次都失败。我将尝试从服务器中包含尽可能多的相关详细信息：

我已经为我的网站分配了一个域名，并使用 certbot 配置了 ssl 证书。

当我使用http发出请求时，它成功了： curl 请求到 http 端口

但是https请求总是失败： curl请求https端口

端口 443 和 80 均处于活动状态且正在监听： 活动端口

为了简化调试，我现在已经将 nginx 配置为将 http 请求（端口 80）重定向到 https（端口 443）。这意味着现在对我的 http 发出的请求也会失败。这是我网站的配置文件： nginx conf 文件

以下是我发出 https 请求后 nginx 调试日志的片段：

2024/12/28 18:27:40 [debug] 21424#21424: *207 http script copy: "https://"
2024/12/28 18:27:40 [debug] 21424#21424: *207 http script var: "chatbot.sweatsupport.site"
2024/12/28 18:27:40 [debug] 21424#21424: *207 http script var: "/ws/socket.io/?EIO=4&transport=polling&t=PGEXYJx"
2024/12/28 18:27:40 [debug] 21424#21424: *207 http finalize request: 301, "/ws/socket.io/?EIO=4&transport=polling&t=PGEXYJx" a:1, c:1
2024/12/28 18:27:40 [debug] 21424#21424: *207 http special response: 301, "/ws/socket.io/?EIO=4&transport=polling&t=PGEXYJx"
2024/12/28 18:27:40 [debug] 21424#21424: *207 http set discard body
2024/12/28 18:27:40 [debug] 21424#21424: *207 HTTP/1.1 301 Moved Permanently
Server: nginx/1.24.0 (Ubuntu)
Date: Sat, 28 Dec 2024 18:27:40 GMT
Content-Type: text/html
Content-Length: 178
Connection: keep-alive
Location: https://chatbot.sweatsupport.site/ws/socket.io/?EIO=4&transport=polling&t=PGEXYJx

我从日志中了解到，做出了 301 http 响应。似乎没有上游日志显示对 localhost:8000 的任何请求。我确实试图理解日志，但这会导致更多混乱，所以我不会提及这一点。

我已经因为这个错误而苦恼了 3 天，浏览了尽可能多的论坛，但毫无进展。如果您需要更多信息，请告诉我。如果您有任何建议，我将不胜感激。