Prevent NGINX from removing the port
【Posted】: 2017-01-23 22:53:21
【Question】:
I would like to dynamically keep the ServerName and Port on rewrites. Let's say the firewall redirects port 8081 to 80. So, if I access the web server with, for example, "192.168.1.123/frontend" or "my.domain.tld:8081/frontend", I should be redirected to "192.168.1.123/frontend/" or "my.domain.tld:8081/frontend/".
If I use the normal redirect
rewrite ^(.*[^/])$ $1/ permanent;
and access the server with port 8081, the port gets removed.
(I have already tried port_in_redirect off;)
I use almost the default configuration:
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    root /var/www/html;
    index index.php index.html index.htm index.nginx-debian.html;
    server_name _;
    rewrite ^(.*[^/])$ $1/ permanent;
    location / {
        # First attempt to serve request as file, then
        # as directory, then fall back to displaying a 404.
        try_files $uri $uri/ =404;
    }
    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }
}
Thanks in anticipation!
SOLUTION: Thanks to the NGINX mailing list! I fixed this problem with a rewrite rule:
if (-d $request_filename) {
    rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
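【Comments】:
Nginx doesn't know that there is a port in the request. So, you can't prevent it. But you could redirect to the full URI instead.
Anyway, having the firewall redirect port 8081 to 80 is a strange idea.
@AlexeyTen Why doesn't nginx know that there is a port? If I access the website with my.domain.tld:8081/frontend/, the port doesn't get removed; it only gets removed if I access it without the slash at the end.
Nginx doesn't remove the port because it doesn't redirect you. It doesn't care what you see in the browser. But it accepts connections on port 80, and that is the only port nginx knows. When you access a URL without the slash, nginx redirects you to the URL with the slash, and at this point it generates the URL without a port (since the default is 80).
【Answer 1】:
I finally found a solution to the problem you described. I made it work with URL rewriting, but it seemed a bit overkill.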
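So, for anyone having the same problem, it seems the cleanest solution is to replace this:
proxy_set_header Host $host;
with this:
proxy_set_header Host $http_host;
With this setup, Nginx will keep the port in your redirects, regardless of your firewall configuration.
Hope this helps. Cheers!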
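【Comments】:
Hi, what is the explanation for this? I'm interested in why it works.
Also worked for me and solved my problem: because of the missing trailing slash, an OAuth redirect of localhost:8000 went to localhost ... now it works as expected.
【Answer 2】:
A chunk of mine ... about 1/3 of the file ... /etc/nginx/sites-enabled/Site.conf
Might see something useful in here ... it all works ... my nginx is tuned up. My SSL is also getting 100% across the board, and the ports I have exposed publicly either have long, complex passwords that I have to write down to remember, or are just development and test junk that couldn't cause any harm. But still .. it's masked out, so you can put your own values in.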
####################################################
upstream dev {
    server 127.0.0.1://port// weight=1 fail_timeout=300s;
    keepalive 16;
}
####################################################
upstream l33t {
    server 127.0.0.1://port// weight=1 fail_timeout=300s;
    keepalive 16;
}
####################################################
upstream authserver {
    server 127.0.0.1://PORT// weight=1 fail_timeout=300s;
    keepalive 16;
}
#######################
# whereyougoing :80 #
#######################
#nowhere.. you're going.... nowhere...
######################
# - FORCE HTTPS - #
######################
server {
    listen 80;
    server_name YOURSITE.COM;
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://YOURSITE.COM permanent;
}
server {
    listen 80;
    server_name www.YOURSITE.COM;
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://www.YOURSITE.COM permanent;
}
server {
    listen 80;
    server_name auth.YOURSITE.COM;
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://auth.YOURSITE.COM permanent;
}
server {
    listen 80;
    server_name its.YOURSITE.COM;
    add_header Strict-Transport-Security max-age=2592000;
    rewrite ^/.*$ https://its.YOURSITE.COM permanent;
}
######################################################
############# SSL SERVER starts here ###############
######################################################
server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name YOURSITE.COM www.YOURSITE.COM auth.YOURSITE.COM its.YOURSITE.COM;
    root /var/www/wordpress;
    index index.php index.htm index.html;
    access_log /var/log/nginx/rocketstack_ssl_access.log;
    error_log /var/log/nginx/rocketstack_ssl_error.log;
    #######################################
    # Lock it down #
    #######################################
    # SSL certificate locations
    ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;
    # Exclusions
    include snippets/exclusions.conf;
    # Security
    include snippets/security.conf;
    include snippets/ssl.conf;
    # Fastcgi cache rules
    include snippets/fastcgi-cache.conf;
    include snippets/limits.conf;
    include snippets/nginx-cloudflare.conf;
    ############################################
    # port-authority #
    ############################################
    if (-d $request_filename) {
        rewrite [^/]$ $scheme://$http_host$uri/ permanent;
    }
    ############################################
    # Locations #
    ############################################
    location / {
        try_files $uri $uri/ /index.php?$args;
    }
    location /FOO {
        alias /var/www/devl;
        index index.php index.html index.htm;
        try_files $uri $uri/ /index.php?$args;
        autoindex on;
    }
    location /BAR {
        proxy_set_header Origin http://$host;
        proxy_set_header Host $http_host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_http_version 1.1;
    }
    ################# Fastphp acceleration #############
    location ~ \.php$ {
        try_files $uri =404;
        include snippets/fastcgi-params.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
        # Skip cache based on rules in snippets/fastcgi-cache.conf.
        fastcgi_cache_bypass $skip_cache;
        fastcgi_no_cache $skip_cache;
        # Define memory zone for caching.
        fastcgi_cache rocketstack;
        # Define caching time.
        fastcgi_cache_valid 60m;
        # Increase timeouts
        fastcgi_read_timeout 3000;
        fastcgi_connect_timeout 3000;
        fastcgi_send_timeout 3000;
        proxy_read_timeout 3000;
        proxy_connect_timeout 3000;
        proxy_send_timeout 3000;
        send_timeout 3000;
        # Flexible SSL to be used so the server can talk non-SSL internally
        proxy_set_header X-Forwarded-Host $host;
        proxy_set_header X-Forwarded-Server $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-NginX-Proxy true;
    }
}
##############################################
########### Server ends here ###########
########### ###########
########### Call upstream starts ###########
########### ###########
##############################################
#######################
# auth-serve #
#######################
server {
    listen 9001 ssl;
    ############# Lock it down ################
    # SSL certificate locations
    ssl_certificate /etc/letsencrypt/live/YOURSITE.COM/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/YOURSITE.COM/privkey.pem;
    # Exclusions
    include snippets/exclusions.conf;
    # Security
    include snippets/security.conf;
    include snippets/ssl.conf;
    # Fastcgi cache rules
    include snippets/fastcgi-cache.conf;
    include snippets/limits.conf;
    include snippets/nginx-cloudflare.conf;
    ########### Send to Location upstream ##############
    location /authserver {
        proxy_redirect /* /$1;
        proxy_pass http://authserver/;
        proxy_set_header Origin $host;
        proxy_set_header Host $host:$server_port;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $http_connection;
        proxy_http_version 1.1;
    }
}
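The rewrite in the question's solution and the port-authority block in Answer 2 both build the redirect target from $http_host, which is the client's Host header copied verbatim, on a server that accepts any Host. As an added example (not code from any poster in this thread), the configuration below keeps the port by sending relative redirects and only serves the Host values it names; the hostname, IP and root are the question's, and dropping unknown hosts with return 444 is an assumption about what the site wants.

```nginx
# Added example, not from the thread.

# Catch-all: a request whose Host header matches no named server lands
# here and the connection is closed, so it never reaches a block that
# could echo the header back in a Location response.
server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 444;
}

server {
    listen 80;
    listen [::]:80;
    # Hosts from the question. A port in the Host header
    # (my.domain.tld:8081) is ignored when matching server_name.
    server_name my.domain.tld 192.168.1.123;

    root /var/www/html;
    index index.php index.html index.htm;

    # Send "Location: /frontend/" instead of "http://host/frontend/".
    # The browser resolves it against the URL it actually requested, so
    # the firewall-side port 8081 survives and nginx never has to know
    # about it or trust the Host header for it.
    absolute_redirect off;    # available since nginx 1.11.8

    # Same directory test as the thread's fix, but with a relative
    # target in place of $scheme://$http_host.
    if (-d $request_filename) {
        rewrite [^/]$ $uri/ permanent;
    }

    location / {
        try_files $uri $uri/ =404;
    }
}
```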