主页 / user-942987

Cyanmodex9's questions

Martin Hope
Cyanmodex9
Asked: 2022-02-14 04:46:00 +0800 CST
  • 0

我的 NGINX 配置有问题。我有两个在 Windows 服务器上运行的网络服务器。哪个是从外部调用的 443,然后应该转发到带有 41001 的服务器。第二个服务器块应该称为 FQDN,nginx 应该将它转发到 FQDN.com/test。内部和外部。

在第一个服务器块上,这需要永远加载,并且似乎没有任何效果。使用第二个服务器块,我得到了 404。

这是我的配置和错误日志的样子

server {
    server_name test.example.com;
    return 301 http://test.example.com/test$request_uri;
    }


server {
        listen  443 ssl http2;
        listen  [::]:443 ssl http2;
 
        access_log /var/log/nginx/test_service_access.log;
        error_log /var/log/nginx/test_service_error.log;

        ssl_certificate /etc/nginx/ssl/test.com.pem;
        ssl_certificate_key /etc/nginx/ssl/test.key;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G>        ssl_prefer_server_ciphers off;

        location /test {
        proxy_pass https://10.10.10.10/test/;
        }

        client_max_body_size    0;
        proxy_connect_timeout   90s;
        proxy_send_timeout              90s;
        proxy_read_timeout              90s;
        send_timeout                    90;
    }

server {
        server_name test2.example.com;
        # Redirect all HTTP requests to HTTPS with a 301 Moved Permanently response.
        return 301 https://test2.example.com$request_uri;
}

server {
        listen  443 ssl http2;
        listen  [::]:443 ssl http2;
        server_name test2.example.com;

        access_log /var/log/nginx/test2_service_access.log;
        error_log /var/log/nginx/test2_service_error.log;

        ssl_certificate /etc/nginx/ssl/test2.example.com.pem;
        ssl_certificate_key /etc/nginx/ssl/test2example.key;

#       ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 1d;
        ssl_session_tickets off;
        ssl_protocols TLSv1.2 TLSv1.3;
        ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-G>
        ssl_prefer_server_ciphers off;

        add_header Strict-Transport-Security max-age=15768000;

        location / {

#       resolver 10.150.10.10 8.8.8.8;
        proxy_pass https://test2.example.com:41001/;
        proxy_redirect  https://test2.example.com:41001/ https://test2.example.com/;

        client_max_body_size    0;
        proxy_connect_timeout   90s;
        proxy_send_timeout              90s;
        proxy_read_timeout              90s;
        send_timeout                    90;
        }
    }
}

我查看了error.logs,这就是出现的问题。

2022/02/13 12:54:58 [error] 2620#2620: *15 open() "/usr/share/nginx/html/DocuWare/Platform/LoginRedirect" failed (2: No such file or directory), client: xxx.xxx.xxx.xxx, server: , request: "GET /DocuWare/Platform/LoginRedirect?returnUrl=%2fdocuware%2fPlatform%2fWebClient%2f HTTP/2.0", host: "test2.domain.com", referrer: "https://test.domain.com/docuware/Platform/WebClient/"

2022/02/13 12:35:17 [error] 2541#2541: *1 upstream timed out (110: Connection timed out) while connecting to upstream, client:

关于第一个错误,我不明白到底是什么问题

据我了解,我需要为端口 41001 的服务器定义一个上游,对吗?

我在这里错过了什么吗?

更新

我已经将我的配置调整到最小,以便我可以测试它。如下我的配置看起来像这样

######################################################################
   upstream abacus {
      server 10.120.50.11; 
   }
   
   server {
      listen 80;
      server_name abacus.example.com;
      return 301 https://abacus.example.com$request_uri;
   }
    
   server {
      listen 443 ssl;
      server_name abacus.example.com;
      ssl_certificate /etc/nginx/ssl/xxx.com.pem;
      ssl_certificate_key /etc/nginx/ssl/xxx.key;
      ssl_protocols TLSv1.2 TLSv1.3;

      access_log /var/log/nginx/abacus_service_access.log;
      error_log /var/log/nginx/abacus_service_error.log;

   location / {
      proxy_pass http://abacus;
   }
}

#######################################################################
   upstream docuware {
      server 10.120.50.10; 
   }
   
   server {
      listen 80;
      server_name docuware.example.com;
      return 301 https://docuware.example.com$request_uri;
   }
   
   server {
      listen 443 ssl;
      server_name docuware.example.com;
      ssl_certificate /etc/nginx/ssl/xxx.pem;
      ssl_certificate_key /etc/nginx/ssl/xxx.key;
      ssl_protocols TLSv1.2 TLSv1.3;

      access_log /var/log/nginx/docuware_service_access.log;
      error_log /var/log/nginx/docuware_service_error.log;
      
   location / {
      proxy_pass http://docuware/docuware;
   }
}
}

当我访问服务器“abacus.example.com”时,我进入了 IIS 主页。所以在这里我必须定义我来自外部的 443 (HTTPS) 并且我被重定向到端口 23001。

如果我访问服务器“docuware.example.com/docuware”,我会收到 404 - 找不到文件或目录。所以在这里我必须以某种方式定义它可以使用子路径访问服务器。

在内部网络中,这可以正常工作。我被重定向到“docuware.example.com/DocuWare/Platform/WebClient/ClientAccount/xxx”。

你看到这里我需要调整什么了吗?几个小时以来,我一直在努力反对它。

log-files nginx nginx-reverse-proxy iis-8.5 external-connection
Martin Hope
Cyanmodex9
Asked: 2021-12-13 03:53:34 +0800 CST
  • 0

我在 debian 11 上配置了一个 nginx 反向代理,我可以从 Internet 访问带有子域的应用程序服务器。但是在内部网络上它不起作用。

保留代理与应用程序服务器 172.3.0.1/24 位于同一子网中。域控制器作为 DNS 输入。客户端位于不同的子网中,无法通过浏览器访问子域。客户端可以 ping 保留代理,但是当我使用 HTTPS 访问子域时,连接被拒绝。

所以主要目标是每个人都可以访问子域和从互联网到子域,具有特殊端口的子域和通过HTTPS。访问应该从 HTTP 重定向到 HTTPS,因为应用程序只支持端口 80。

我不明白问题是什么,或者我是否配置了错误。

我的配置的第一块

 server {
  listen 80;
  return 301 https://$host$request_uri;
 }

第二个

 server {

  listen 443 ssl;
  server_name somesubdomain.www.com;

  ssl_certificate           /etc/nginx/ssl/somesubdomain.pem;
  ssl_certificate_key       /etc/nginx/ssl/somesubdomain.key;

  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  access_log            /var/log/nginx/somesubdomainweb.www.com.access.log;

  location / {

  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Proto $scheme;

  proxy_pass          http://172.3.0.x;
  proxy_read_timeout  90;

 }
}

以及我通过特殊端口访问的最后一个配置块

 server {

  listen 443 ssl;
  server_name somesubdomain.www.com:27000;

  ssl_certificate           /etc/nginx/ssl/somesubdomain.pem;
  ssl_certificate_key       /etc/nginx/ssl/somesubdomain.key;

  ssl_session_cache  builtin:1000  shared:SSL:10m;
  ssl_protocols  TLSv1.2;
  ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
  ssl_prefer_server_ciphers on;

  access_log            /var/log/nginx/somesubdomainpath.www.com.access.log;

  location / {

  proxy_set_header        Host $host;
  proxy_set_header        X-Real-IP $remote_addr;
  proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
  proxy_set_header        X-Forwarded-Proto $scheme;

  proxy_pass          http://172.3.0.13:27000;
  proxy_read_timeout  90;

 }
}

感谢您的帮助

windows linux networking nginx reverse-proxy