• Nginx反向代理中使用proxy_redirect重定向url


    在使用Nginx做反向代理功能时,有时会出现重定向的url不是我们想要的url,这时候就可以使用proxy_redirect进行url重定向设置了。proxy_redirect功能比较强大,其作用是对发送给客户端的URL进行修改!!
    语法:proxy_redirect [ default|off|redirect replacement ];
    默认:proxy_redirect default;
    配置块(使用的字段):http、server、location
    当上游服务器返回的响应是重定向或刷新请求(如HTTP响应码是301或者302)时,proxy_redirect可以重设HTTP头部的location或refresh字段。

            location /login {
                proxy_pass http://target_servers/login ;
            }
    

    如果需要修改从被代理服务器传来的应答头中的"Location"和"Refresh"字段,这时候就可以用proxy_redirect这个指令设置。

    假设被代理服务器返回Location字段为http://localhost:8000/kevin/some/uri/
     
    proxy_redirect http://localhost:8000/kevin/ http://frontend/one/;
    将Location字段重写为http://frontend/one/some/uri/。
    在代替的字段中可以不写服务器名:
    
    proxy_redirect http://localhost:8000/kevin/ /;
    这样就使用服务器的基本名称和端口,即使它来自非80端口。
    如果使用"default"参数,将根据location和proxy_pass参数的设置来决定。
    
    
    例如下列两个配置等效:
    location /one/ {  
    proxy_pass       http://upstream:port/kevin/;  
    proxy_redirect   default;
    } 
    
    location /one/ {  
    proxy_pass       http://upstream:port/kevin/;  
    proxy_redirect   http://upstream:port/kevin/   /one/;
    }
    
    在指令中可以使用一些变量:
    proxy_redirect   http://localhost:8000/    http://$host:$server_port/;
    
    这个指令有时可以重复:
    proxy_redirect   default;  
    proxy_redirect   http://localhost:8000/    /;  
    proxy_redirect   ;  
    /;
    
    参数off将在这个字段中禁止所有的proxy_redirect指令:
    proxy_redirect   off;  
    
    利用这个指令可以为被代理服务器发出的相对重定向增加主机名:

    下面通过几个小实例来体验下proxy_redirect的使用效果:
    ==============================================================================

    假设当前nginx的访问地址为http://10.0.9:8080,如果kevin-inc又需要302到10.0.9/xxx
    那么可以添加下redirect,将302的location改为http://10.0.9:8080/xxx
    
    location /login {
                proxy_pass http://kevin-inc/login ;
                proxy_redirect http://10.0.9/ http://10.0.9:8080/;
            }
    
    --------------------------------
    host变量
    如果不想写死ip地址,可以使用nginx的变量
    
    location /login {
                proxy_pass http://kevin-inc/login ;
                proxy_redirect http://$host/ http://$http_host/;
            }
    
    其中host不带端口的,也就是nginx部署的主机ip,而$http_host是带端口的
    

    ==============================================================================

    server { 
           listen       80; 
           server_name  www.kevin.com; 
           location / { 
                proxy_pass http://10.0.8.40:9080; 
           } 
       }
    
    这段配置一般情况下都正常,但偶尔会出错, 抓包发现服务器给客户端的跳转指令里加了端口号,如Location: http://www.kevin.com:9080/abc.html 。
    因为nginx服务器侦听的是80端口,所以这样的URL给了客户端,必然会出错.
    针对这种情况, 加一条proxy_redirect指令: proxy_redirect http://www.kevin.com:9080/ / ,即把所有"http://www.kevin.com:9080/"的内容替换成
    "/"再发给客户端,就解决了。 
    
    server { 
           listen       80; 
           server_name  www.kevin.com; 
           proxy_redirect http://www.kevin.com:9080/ /; 
           location / { 
                proxy_pass http://10.0.8.40:9080; 
           } 
       } 
    

    ==============================================================================

    前端的Nginx负责把http://www.kevin.com/grace/Server/开头的url反向代理到后端的http://10.0.8.40/Server/上。
    对于有完整的路径,如http://www.kevin.com/grace/Server/的代理没有问题,Server对应后台服务器的一个目录。
    
    但当访问http://www.kevin.com/grace/Server时,后端Nginx会发送一个301到/上,于是返回到前端后URL变成了http://www.kevin.com/Server/,这个url显然不是我们想要的。
    
    在Apache中有个ProxyPassReverse的参数,用来调整反向代理服务器发送的http应答头的url,可以解决这个问题。
    在Nginx代理配置,可以使用proxy_redirect这个参数,它实现的功能和ProxyPassReverse类似,例如增加如下配置:
    
    location ^~ /grace  {  
        proxy_pass http://10.0.8.40/;  
        proxy_redirect http://www.kevin.com/ /grace/;  
    }  
    

    ==============================================================================
    如下启用了proxy_redirect配置(http->https),配置中就不需要"proxy_set_header Host $host;",即不需要"添加发往后端服务器的请求头"的配置了

    [root@external-lb01 vhosts]# cat 80-www.kevin.com.conf
    server {
            listen       80;
            server_name  www.kevin.com kevin.com;
    
            access_log  /data/nginx/logs/www.kevin.com-access.log main;
            error_log  /data/nginx/logs/www.kevin.com-error.log;
    
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    
            return      301 https://$server_name$request_uri;
    }
    
    
    
    [root@external-lb01 ~]# cat /data/nginx/conf/vhosts/443-www.kevin.com.conf.bak
    upstream scf_cluster {
        ip_hash;
        server 192.168.10.20:9020;
        server 192.168.10.21:9020;
        }
    upstream portal_cluster {
        ip_hash;
        server 192.168.10.20:9040;
        server 192.168.10.21:9040;
        }
    upstream file_cluster{
        ip_hash;
        server 192.168.10.20:9020;
        }
    upstream workflow_cluster{
        ip_hash;
        server 192.168.10.20:9020;
        server 192.168.10.21:9020;
        }
    upstream batch_cluster{
        server 192.168.10.20:9020;
        server 192.168.10.21:9020;
        }
      
    server {
            listen       443;
            server_name  www.kevin.com kevin.com;
      
            ssl on;
            ssl_certificate /data/nginx/conf/ssl/kevin.cer;
            ssl_certificate_key /data/nginx/conf/ssl/kevin.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;
            ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
            ssl_prefer_server_ciphers  on;
      
            access_log  /data/nginx/logs/www.kevin.com-access.log main;
            error_log  /data/nginx/logs/www.kevin.com-error.log;
      
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
      
      
            location /scf {
                proxy_pass http://scf_cluster/scf;
                proxy_redirect  http://scf_cluster/scf https://www.kevin.com/scf;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
      
      
           location / {
                proxy_pass http://portal_cluster/portal-pc/;
                proxy_redirect  http://portal_cluster/portal-pc/ https://www.kevin.com/;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
      
            location /msdp-file {
                proxy_pass http://file_cluster/msdp-file;
                proxy_redirect  http://file_cluster/msdp-file https://www.kevin.com/msdp-file;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
              
        location /upload {
                proxy_pass http://file_cluster/upload;
                proxy_redirect  http://file_cluster/upload https://www.kevin.com/upload;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
              
            location /activiti-workflow-console {
                proxy_pass http://workflow_cluster/activiti-workflow-console;
                proxy_redirect  http://workflow_cluster/activiti-workflow-console https://www.kevin.com/activiti-workflow-console;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
        location /batch-framework-web {
                proxy_pass http://batch_cluster/batch-framework-web;
                proxy_redirect  http://batch_cluster/batch-framework-web https://www.kevin.com/batch-framework-web;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
    }
    

    ===============================================================================
    在看下nginx中非80端口的转发,注意:当端口是非80时,proxy_set_header项的$host后面一定要加上端口

    如下,当http通过proxy_pass到非80端口的做法:
    [root@external-lb01 vhosts]# cat mobi.kevin.com.conf 
    upstream mobi_cluster{
        server 10.0.54.20:8080;
        }
    
    server {
            listen       80;
            server_name  mobi.kevin.com;
    
          access_log  /data/nginx/logs/mobi.kevin.com-access.log main;
          error_log  /data/nginx/logs/mobi.kevin.com-error.log;
    
        location / {
                proxy_pass http://mobi_cluster;
                proxy_set_header Host $host;
                proxy_redirect  http://mobi_cluster/ http://mobi.kevin.com/;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            } 
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            } 
    }
    

    =========================================================================
    再看一个匹配上下文的代理配置

    [root@uatinner-lb01 vhosts]# cat /opt/uatbob-vfc.kevin.com.conf 
    server {
          listen      443;
          server_name uatbob-vfc.kevin.com;
    
          ssl on;
          ssl_certificate /data/nginx/conf/ssl/ssl.kevin.com.crt;
          ssl_certificate_key /data/nginx/conf/ssl/ssl.kevin.com.key;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_session_cache    shared:SSL:1m;
          ssl_session_timeout  5m;
          ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
          ssl_prefer_server_ciphers  on;
        
          access_log  /data/nginx/logs/uatbob-vfc.kevin.com-access.log main;
          error_log  /data/nginx/logs/uatbob-vfc.kevin.com-error.log;
        
     location /devxcd/ {
             proxy_pass http://172.16.50.16:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location /fvtxcd/ {
             proxy_pass http://172.16.50.75:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location /uatxcd/ {
             proxy_pass http://172.16.50.184:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location  /devxcd/xcdcomment/ {
             proxy_pass http://172.16.50.73:9997/;
            }
    
     location  /fvtxcd/xcdcomment/  {
             proxy_pass http://172.16.50.73/9997/;
            }
    
     location  /uatxcd/xcdcomment/  {
             proxy_pass http://172.16.50.73/9997/;
            }
    }
    
    
    上面配置匹配/devxcd/xcdcomment/, /fvtxcd/xcdcomment/, /uatxcd/xcdcomment/的上下文代理后, 访问:
    https://uatbob-vfc.kevin.com/devxcd/xcdcomment/images/example_doorPlate.jpg    访问正常打开
    https://uatbob-vfc.kevin.com/fvtxcd/xcdcomment/images/example_doorPlate.jpg    访问出现404
    https://uatbob-vfc.kevin.com/uatxcd/xcdcomment/images/example_doorPlate.jpg    访问出现404
    
    解决: 添加proxy_redirect配置项
    
    修改后的配置
    [root@uatinner-lb01 vhosts]# cat uatbob-vfc.kevin.com.conf      
    server {
          listen      443;
          server_name uatbob-vfc.kevin.com;
    
          ssl on;
          ssl_certificate /data/nginx/conf/ssl/ssl.kevin.com.crt;
          ssl_certificate_key /data/nginx/conf/ssl/ssl.kevin.com.key;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_session_cache    shared:SSL:1m;
          ssl_session_timeout  5m;
          ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
          ssl_prefer_server_ciphers  on;
        
          access_log  /data/nginx/logs/uatbob-vfc.kevin.com-access.log main;
          error_log  /data/nginx/logs/uatbob-vfc.kevin.com-error.log;
        
     location /devxcd/ {
             proxy_pass http://172.16.50.16:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location /fvtxcd/ {
             proxy_pass http://172.16.50.75:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location /uatxcd/ {
             proxy_pass http://172.16.50.184:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location  /devxcd/xcdcomment/ {
            proxy_pass http://172.16.50.73:9997/;
            proxy_redirect  http://http://172.16.50.73:9997/ https://uatbob-vfc.kevin.com/devxcd/xcdcomment/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 600;
            proxy_buffer_size 256k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_temp_file_write_size 256k;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            proxy_max_temp_file_size 128m;
            }
    
     location  /fvtxcd/xcdcomment/  {
            proxy_pass http://172.16.50.73:9997/;
            proxy_redirect  http://http://172.16.50.73:9997/ https://uatbob-vfc.kevin.com/fvtxcd/xcdcomment/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 600;
            proxy_buffer_size 256k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_temp_file_write_size 256k;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            proxy_max_temp_file_size 128m;
            }
    
     location  /uatxcd/xcdcomment/  {
            proxy_pass http://172.16.50.73:9997/;
            proxy_redirect  http://http://172.16.50.73:9997/ https://uatbob-vfc.kevin.com/uatxcd/xcdcomment/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 600;
            proxy_buffer_size 256k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_temp_file_write_size 256k;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            proxy_max_temp_file_size 128m;
            }
    }
    
    修改后, 访问:
    https://uatbob-vfc.kevin.com/devxcd/xcdcomment/images/example_doorPlate.jpg    访问正常打开
    https://uatbob-vfc.kevin.com/fvtxcd/xcdcomment/images/example_doorPlate.jpg    访问正常打开
    https://uatbob-vfc.kevin.com/uatxcd/xcdcomment/images/example_doorPlate.jpg    访问正常打开
  • 相关阅读:
    【每日更新】【Redis学习】
    【转】RabbitMQ基础——和——持久化机制
    【转】重写Equals为什么要同时重写GetHashCode
    .net WebApi中使用swagger生成WepApi集成测试工具
    【深度好文】多线程之WaitHandle-->派生EventWaitHandle事件构造-》AutoResetEvent、ManualResetEvent
    C#编码问题以及C#往Mysql插数据编码问题
    HTTP methods 与 RESTful API
    Facebook币Libra学习-6.发行属于自己的代币Token案例(含源码)
    Facebook币Libra学习-5.Move组织目录
    Facebook币Libra学习-4.新的智能合约语言Move入门
  • 原文地址:https://www.cnblogs.com/kevingrace/p/8073646.html
Copyright © 2020-2023  润新知