我的 nginx 代理传递配置设置如下:
location /try-me {
proxy_pass https://some-domain.com?id=true&zone=false
}
这工作正常。但问题是当浏览器中的某个人尝试
https://mywebsite.com/try-me?ping=true&foo=bar
在 proxy_pass 之后创建的最终 URL 是:
https://some-domain.com?id=true&zone=false?ping=true&foo=bar
查询参数格式完全不正确。如何确保 Nginx附加以下列方式转发的任何查询参数:
id=true&zone=false&ping=true&foo=bar
我正面临一个奇怪的情况。我想加载一个位于 Nginx 后面的网页。所以我代理将网页请求传递给squid如下代码段所示:
location /about-me/yellow {
proxy_pass http://@squid/http://my-site.example.com/?nu=1&l=2;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Request-URI $request_uri;
proxy_redirect off;
}
当 URL/about-me/yellow被命中时,请求被转发到,squid但收到的请求是/http://my-site.example.com/?nu=1&l=2带有前导正斜杠的。为什么会这样?我得到的错误是INVALID_URI. 我错过了什么?这是我完整的 Nginx 配置。
upstream @squid {
server x.x.x.x:3128;
}
server {
root /public/; ## <-- Your only path reference.
index index.php;
server_name preprod.mygov.in;
listen 83;
add_header X-XSS-Protection "1; mode=block";
add_header X-Content-Type-Options nosniff;
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains;preload";
add_header 'Referrer-Policy' 'no-referrer-when-downgrade';
add_header X-Frame-Options "SAMEORIGIN";
add_header Content-Security-Policy upgrade-insecure-requests;
### Disable HTTP Methods
if ($request_method !~ ^(GET|HEAD|POST)$ )
{
return 405;
}
# Enable compression, this will help if you have for instance advagg module
# by serving Gzip versions of the files.
gzip_static on;
location ~ ^/s3/files/styles/ {
try_files $uri @rewrite;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location ~* \.(txt|log)$ {
allow 10.0.0.0/8;
deny all;
}
location ~* ^.+(\.(engine|inc|info|install|module|profile|po|sh|.*sql|theme|tpl(\.php)?|xtmpl)|code-style\.pl|/Entries.*|/Repository|/Root|/Tag|/Template)$ {
deny all;
}
location ~ \..*/.*\.php$ {
return 403;
}
location ~ ^/sites/(.+)\.(phtml|pl|py|jsp|asp|aspx|shtml|htm|sh|cgi|exe) {
deny all;
}
location ~ ^/sites/(.+)\.php$ {
deny all;
}
# No no for private
location ~ ^/sites/.*/private/ {
return 403;
}
# Block access to "hidden" files and directories whose names begin with a
# period. This includes directories used by version control systems such
# as Subversion or Git to store control files.
location ~ (^|/)\. {
return 403;
}
location / {
# This is cool because no php is touched for static content
try_files $uri @rewrite;
}
location ~ ^/s3/files/styles/ {
try_files $uri @rewrite;
}
location @rewrite {
# You have 2 options here
# For D7 and above:
# Clean URLs are handled in drupal_environment_initialize().
rewrite ^ /index.php;
# For Drupal 6 and bwlow:
# Some modules enforce no slash (/) at the end of the URL
# Else this rewrite block wouldn't be needed (GlobalRedirect)
#rewrite ^/(.*)$ /index.php?q=$1;
}
fastcgi_connect_timeout 200;
fastcgi_send_timeout 200;
fastcgi_read_timeout 200;
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $request_filename;
#fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_intercept_errors on;
#fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_pass 127.0.0.1:9000;
}
location ~ ^/sites/.*/files/styles/ {
try_files $uri @rewrite;
}
location ~* \.(css|png|jpg|jpeg|gif|ico)$ {
expires max;
log_not_found off;
}
location ~* \.(js|json)$ {
expires 1d;
log_not_found off;
}
location ~* \.(svg|woff|woff2)$ {
expires 30d;
log_not_found off;
}
location ~* \.(eot|ttf|woff|woff2)$ {
add_header Access-Control-Allow-Origin *;
}
location /about-me/yellow {
proxy_pass http://@squid/http://my-site.example.com/?wid=675&lang=bn;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Request-URI $request_uri;
proxy_redirect off;
}
}
错误截图:
这不是将请求转发给 squid 的正确方法吗?有什么我想念的吗?