NGINX NGINX Trac 3rd Party Modules Security Advisories CHANGES OpenResty ngx_lua Tengine 在线学习资源 NGINX 开发从入门到精通 NGINX Modules ngx_echo
这是一个创建于 1258 天前的主题,其中的信息可能已经有所发展或是发生改变。
背景:
- 已签名 let's encrypt 证书
- 已启动 vaultwarden/server docker 容器
需求:
- 当访问 my_domain.com 或者 www.my_domain.com 时,响应对应的 index.html
- 当访问 bitwarden.my_domain.com 时,展示对应的自建 bitwarden 服务
遇到的问题: 需求 1 - 正常,需求 2 - 页面报错,状态码 502
代码:
# etc/nginx/sites-available/my_domain.com server { root /var/www/my_domain.com/html; index index.html index.htm index.nginx-debian.html; server_name my_domain.com www.my_domain.com; location / { try_files $uri $uri/ =404; } listen [::]:443 ssl ipv6Only=on; # managed by Certbot listen 443 ssl; # managed by Certbot ssl_certificate /etc/letsencrypt/live/my_domain.com/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/my_domain.com/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { if ($host = www.my_domain.com) { return 301 https://$host$request_uri; } # managed by Certbot if ($host = my_domain.com) { return 301 https://$host$request_uri; } # managed by Certbot listen 80; listen [::]:80; server_name my_domain.com www.my_domain.com; return 404; # managed by Certbot } server { listen 443 ssl http2; server_name bitwarden.my_domain.com; # Specify SSL config if using a shared one. #include conf.d/ssl/ssl.conf; include /etc/letsencrypt/options-ssl-nginx.conf; # Allow large attachments client_max_body_size 128M; location / { proxy_pass http://127.0.0.1:8087; proxy_http_version 1.1; proxy_cache_bypass $http_upgrade; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Host $host; proxy_set_header X-Forwarded-Port $server_port; } location /notifications/hub { proxy_pass http://127.0.0.1:3012; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection "upgrade"; } location /notifications/hub/negotiate { proxy_pass http://127.0.0.1:8087; } location /admin { proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; proxy_pass http://127.0.0.1:8087; } } 6 条回复 2022-05-07 18:26:11 +08:00
 | 1 codefever 2022-05-07 15:23:36 +08:00 使用 Nginx 的 proxy_pass ,可以拦截后端创建的错误和 HTTP 标头 |
 | 2 seers 2022-05-07 15:44:41 +08:00 via Android 直接访问 https://bitwarden 能放问吗,似乎是 80 没做跳转给这个子域名 |
 | 4 cccer 2022-05-07 15:59:26 +08:00 proxy_set_header Upgrade 和 proxy_set_header Connection 是代理 ws 才需要配置的,普通 http 请求不需要。三个路径直面只有 /notifications/hub 是 ws 服务。 我的配置 ``` location / { proxy_pass http://vaultwarden-default; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /notifications/hub { proxy_pass http://vaultwarden-ws; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; } location /notifications/hub/negotiate { proxy_pass http://vaultwarden-default; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } ``` |
 | 5 wrebjmns OP @cccer 我是根据 https://www.colinliu.cn/posts/26 这个来配置的。他这里开启了 WS |
 | 6 amrnxcdt 2022-05-07 18:26:11 +08:00 |
Select Language