• Using proxy_redirect to rewrite redirect URLs in an Nginx reverse proxy


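    When Nginx is used as a reverse proxy, the URL in a redirect is sometimes not the one we want; proxy_redirect can then be used to rewrite it. proxy_redirect is a fairly powerful directive: it modifies the URL that is sent to the client.
    Syntax: proxy_redirect [ default|off|redirect replacement ];
    Default: proxy_redirect default;
    Context (blocks where it can be used): http, server, location
    When the response returned by the upstream server is a redirect or refresh (for example HTTP status code 301 or 302), proxy_redirect can rewrite the Location or Refresh field of the HTTP header.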

            location /login {
                proxy_pass http://target_servers/login ;
            }
    

    To modify the "Location" and "Refresh" fields in the response header sent by the proxied server, use the proxy_redirect directive.

    Suppose the proxied server returns the Location field http://localhost:8000/kevin/some/uri/
     
    proxy_redirect http://localhost:8000/kevin/ http://frontend/one/;
    This rewrites the Location field to http://frontend/one/some/uri/.
    The server name may be omitted in the replacement:
    
    proxy_redirect http://localhost:8000/kevin/ /;
    The server's primary name and port are then used, even if the port is not 80.
    With the "default" parameter, the rewrite is determined by the location and proxy_pass settings.
    
    
    For example, the following two configurations are equivalent:
    location /one/ {  
    proxy_pass       http://upstream:port/kevin/;  
    proxy_redirect   default;
    } 
    
    location /one/ {  
    proxy_pass       http://upstream:port/kevin/;  
    proxy_redirect   http://upstream:port/kevin/   /one/;
    }
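
The prefix rewrite described above, as an added Python model (not code from the original article and not nginx source). The function names are hypothetical and only plain-prefix rules are modelled (no regex rules, no variables); the sample Location value and rules reuse the http://localhost:8000/kevin/ example, and the doubled-scheme rule is a constructed typo that shows how a rule that never matches leaves the backend address in the header.

```python
# Added illustration (not nginx source): simplified model of how proxy_redirect
# rewrites a Location header. Only plain-prefix rules are modelled; regex rules
# and nginx variables are out of scope. All function names are hypothetical.
from urllib.parse import urlsplit


def default_rule(location_prefix, proxy_pass_url):
    """The rule 'proxy_redirect default;' stands for: proxy_pass URL -> location prefix."""
    return (proxy_pass_url, location_prefix)


def rewrite_location(value, rules):
    """Apply the first rule whose 'redirect' string is a prefix of the header value.

    rules is a list of (redirect, replacement) pairs in configuration order.
    Returns (rewritten_value, matched_rule or None).
    """
    for redirect, replacement in rules:
        if value.startswith(redirect):
            return replacement + value[len(redirect):], (redirect, replacement)
    return value, None


def leaks_backend(value, public_hosts):
    """True when an absolute Location still names a host[:port] outside public_hosts."""
    netloc = urlsplit(value).netloc.lower()
    return bool(netloc) and netloc not in public_hosts


def audit(samples, rules, public_hosts):
    """Rewrite each upstream Location; report (original, rewritten, matched, leaks)."""
    report = []
    for value in samples:
        new, matched = rewrite_location(value, rules)
        report.append((value, new, matched is not None, leaks_backend(new, public_hosts)))
    return report


# Constructed sample data built from the localhost:8000 example on this page.
PUBLIC_HOSTS = {"frontend"}
UPSTREAM_LOCATIONS = ["http://localhost:8000/kevin/some/uri/"]
FIXED_RULES = [("http://localhost:8000/kevin/", "http://frontend/one/")]
# Constructed typo: a doubled scheme is never a prefix of a real Location value.
TYPO_RULES = [("http://http://localhost:8000/kevin/", "http://frontend/one/")]

if __name__ == "__main__":
    for label, rules in (("typo", TYPO_RULES), ("fixed", FIXED_RULES)):
        for row in audit(UPSTREAM_LOCATIONS, rules, PUBLIC_HOSTS):
            print(label, row)
```

Running the same audit over Location values captured from a staging backend shows which redirects a rule set leaves untouched before the configuration goes live.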
    
    Some variables can be used in the directive:
    proxy_redirect   http://localhost:8000/    http://$host:$server_port/;
    
    The directive can sometimes be repeated:
    proxy_redirect   default;  
    proxy_redirect   http://localhost:8000/    /;  
    proxy_redirect   ;  
    /;
    
    The off parameter disables all proxy_redirect directives at this level:
    proxy_redirect   off;  
    
    This directive can also add a host name to relative redirects issued by the proxied server:

    The following small examples show proxy_redirect in use:
    ==============================================================================

    Suppose nginx is currently reached at http://10.0.9:8080 and kevin-inc needs to 302 to 10.0.9/xxx.
    A redirect rule can then be added to change the Location of the 302 to http://10.0.9:8080/xxx
    
    location /login {
                proxy_pass http://kevin-inc/login ;
                proxy_redirect http://10.0.9/ http://10.0.9:8080/;
            }
    
    --------------------------------
    The host variable
    To avoid hard-coding the IP address, use nginx variables
    
    location /login {
                proxy_pass http://kevin-inc/login ;
                proxy_redirect http://$host/ http://$http_host/;
            }
    
    Here $host does not include the port, i.e. it is the IP of the host where nginx is deployed, while $http_host includes the port
    

    ==============================================================================

    server { 
           listen       80; 
           server_name  www.kevin.com; 
           location / { 
                proxy_pass http://10.0.8.40:9080; 
           } 
       }
    
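    This configuration normally works, but occasionally fails. A packet capture showed that the redirect sent by the server to the client had a port number added, e.g. Location: http://www.kevin.com:9080/abc.html .
    Because the nginx server listens on port 80, handing such a URL to the client is bound to fail.
    For this case, add a proxy_redirect directive: proxy_redirect http://www.kevin.com:9080/ / , which replaces every "http://www.kevin.com:9080/" with
    "/" before the response is sent to the client, and the problem is solved.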
    
    server { 
           listen       80; 
           server_name  www.kevin.com; 
           proxy_redirect http://www.kevin.com:9080/ /; 
           location / { 
                proxy_pass http://10.0.8.40:9080; 
           } 
       } 
    

    ==============================================================================

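    The front-end Nginx reverse-proxies URLs beginning with http://www.kevin.com/grace/Server/ to http://10.0.8.40/Server/ on the back end.
    Proxying works for a complete path such as http://www.kevin.com/grace/Server/, where Server corresponds to a directory on the back-end server.
    
    But when http://www.kevin.com/grace/Server is requested, the back-end Nginx sends a 301 to add the trailing /, so by the time it reaches the front end the URL has become http://www.kevin.com/Server/, which is clearly not the URL we want.
    
    Apache has a ProxyPassReverse parameter that adjusts the URL in the HTTP response header sent by the reverse proxy server, which solves this problem.
    In an Nginx proxy configuration, proxy_redirect provides functionality similar to ProxyPassReverse; for example, add the following configuration: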
    
    location ^~ /grace  {  
        proxy_pass http://10.0.8.40/;  
        proxy_redirect http://www.kevin.com/ /grace/;  
    }  
    

    ==============================================================================
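    With proxy_redirect enabled as below (http -> https), the configuration no longer needs "proxy_set_header Host $host;", i.e. the setting that adds a request header sent to the back-end server is not required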

    [root@external-lb01 vhosts]# cat 80-www.kevin.com.conf
    server {
            listen       80;
            server_name  www.kevin.com kevin.com;
    
            access_log  /data/nginx/logs/www.kevin.com-access.log main;
            error_log  /data/nginx/logs/www.kevin.com-error.log;
    
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
    
            return      301 https://$server_name$request_uri;
    }
    
    
    
    [root@external-lb01 ~]# cat /data/nginx/conf/vhosts/443-www.kevin.com.conf.bak
    upstream scf_cluster {
        ip_hash;
        server 192.168.10.20:9020;
        server 192.168.10.21:9020;
        }
    upstream portal_cluster {
        ip_hash;
        server 192.168.10.20:9040;
        server 192.168.10.21:9040;
        }
    upstream file_cluster{
        ip_hash;
        server 192.168.10.20:9020;
        }
    upstream workflow_cluster{
        ip_hash;
        server 192.168.10.20:9020;
        server 192.168.10.21:9020;
        }
    upstream batch_cluster{
        server 192.168.10.20:9020;
        server 192.168.10.21:9020;
        }
      
    server {
            listen       443;
            server_name  www.kevin.com kevin.com;
      
            ssl on;
            ssl_certificate /data/nginx/conf/ssl/kevin.cer;
            ssl_certificate_key /data/nginx/conf/ssl/kevin.key;
            ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
            ssl_session_cache    shared:SSL:1m;
            ssl_session_timeout  5m;
            ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
            ssl_prefer_server_ciphers  on;
      
            access_log  /data/nginx/logs/www.kevin.com-access.log main;
            error_log  /data/nginx/logs/www.kevin.com-error.log;
      
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            }
      
      
            location /scf {
                proxy_pass http://scf_cluster/scf;
                proxy_redirect  http://scf_cluster/scf https://www.kevin.com/scf;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
      
      
           location / {
                proxy_pass http://portal_cluster/portal-pc/;
                proxy_redirect  http://portal_cluster/portal-pc/ https://www.kevin.com/;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
      
            location /msdp-file {
                proxy_pass http://file_cluster/msdp-file;
                proxy_redirect  http://file_cluster/msdp-file https://www.kevin.com/msdp-file;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
              
        location /upload {
                proxy_pass http://file_cluster/upload;
                proxy_redirect  http://file_cluster/upload https://www.kevin.com/upload;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
              
            location /activiti-workflow-console {
                proxy_pass http://workflow_cluster/activiti-workflow-console;
                proxy_redirect  http://workflow_cluster/activiti-workflow-console https://www.kevin.com/activiti-workflow-console;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
        location /batch-framework-web {
                proxy_pass http://batch_cluster/batch-framework-web;
                proxy_redirect  http://batch_cluster/batch-framework-web https://www.kevin.com/batch-framework-web;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_connect_timeout 300;
                proxy_send_timeout 300;
                proxy_read_timeout 600;
                proxy_buffer_size 256k;
                proxy_buffers 4 256k;
                proxy_busy_buffers_size 256k;
                proxy_temp_file_write_size 256k;
                proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
                proxy_max_temp_file_size 128m;
      
            }
    }
    

    ===============================================================================
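    Now look at forwarding for a non-80 port in nginx. Note: when the port is not 80, the port must be appended after $host in the proxy_set_header directive

    Below, http is passed via proxy_pass to a non-80 port: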
    [root@external-lb01 vhosts]# cat mobi.kevin.com.conf 
    upstream mobi_cluster{
        server 10.0.54.20:8080;
        }
    
    server {
            listen       80;
            server_name  mobi.kevin.com;
    
          access_log  /data/nginx/logs/mobi.kevin.com-access.log main;
          error_log  /data/nginx/logs/mobi.kevin.com-error.log;
    
        location / {
                proxy_pass http://mobi_cluster;
                proxy_set_header Host $host;
                proxy_redirect  http://mobi_cluster/ http://mobi.kevin.com/;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            } 
            error_page   500 502 503 504  /50x.html;
            location = /50x.html {
                root   html;
            } 
    }
    

    =========================================================================
    Next, a proxy configuration that matches by context path

    [root@uatinner-lb01 vhosts]# cat /opt/uatbob-vfc.kevin.com.conf 
    server {
          listen      443;
          server_name uatbob-vfc.kevin.com;
    
          ssl on;
          ssl_certificate /data/nginx/conf/ssl/ssl.kevin.com.crt;
          ssl_certificate_key /data/nginx/conf/ssl/ssl.kevin.com.key;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_session_cache    shared:SSL:1m;
          ssl_session_timeout  5m;
          ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
          ssl_prefer_server_ciphers  on;
        
          access_log  /data/nginx/logs/uatbob-vfc.kevin.com-access.log main;
          error_log  /data/nginx/logs/uatbob-vfc.kevin.com-error.log;
        
     location /devxcd/ {
             proxy_pass http://172.16.50.16:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location /fvtxcd/ {
             proxy_pass http://172.16.50.75:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location /uatxcd/ {
             proxy_pass http://172.16.50.184:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location  /devxcd/xcdcomment/ {
             proxy_pass http://172.16.50.73:9997/;
            }
    
     location  /fvtxcd/xcdcomment/  {
             proxy_pass http://172.16.50.73/9997/;
            }
    
     location  /uatxcd/xcdcomment/  {
             proxy_pass http://172.16.50.73/9997/;
            }
    }
    
    
    With the configuration above proxying the context paths /devxcd/xcdcomment/, /fvtxcd/xcdcomment/ and /uatxcd/xcdcomment/, requests gave:
    https://uatbob-vfc.kevin.com/devxcd/xcdcomment/images/example_doorPlate.jpg    opens normally
    https://uatbob-vfc.kevin.com/fvtxcd/xcdcomment/images/example_doorPlate.jpg    returns 404
    https://uatbob-vfc.kevin.com/uatxcd/xcdcomment/images/example_doorPlate.jpg    returns 404
    
    Fix: add proxy_redirect directives
    
    The modified configuration
    [root@uatinner-lb01 vhosts]# cat uatbob-vfc.kevin.com.conf      
    server {
          listen      443;
          server_name uatbob-vfc.kevin.com;
    
          ssl on;
          ssl_certificate /data/nginx/conf/ssl/ssl.kevin.com.crt;
          ssl_certificate_key /data/nginx/conf/ssl/ssl.kevin.com.key;
          ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
          ssl_session_cache    shared:SSL:1m;
          ssl_session_timeout  5m;
          ssl_ciphers  ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4:!DH:!DHE;
          ssl_prefer_server_ciphers  on;
        
          access_log  /data/nginx/logs/uatbob-vfc.kevin.com-access.log main;
          error_log  /data/nginx/logs/uatbob-vfc.kevin.com-error.log;
        
     location /devxcd/ {
             proxy_pass http://172.16.50.16:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location /fvtxcd/ {
             proxy_pass http://172.16.50.75:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location /uatxcd/ {
             proxy_pass http://172.16.50.184:50002/;
             proxy_redirect off ;
             proxy_set_header Host $host;
             proxy_set_header X-Real-IP $remote_addr;
             proxy_set_header REMOTE-HOST $remote_addr;
             proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
             proxy_connect_timeout 300;
             proxy_send_timeout 300;
             proxy_read_timeout 600;
             proxy_buffer_size 256k;
             proxy_buffers 4 256k;
             proxy_busy_buffers_size 256k;
             proxy_temp_file_write_size 256k;
             proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
             proxy_max_temp_file_size 128m;
             #proxy_cache mycache;                                
             #proxy_cache_valid 200 302 1h; 
             #proxy_cache_valid 301 1d;
             #proxy_cache_valid any 1m;
            }
    
     location  /devxcd/xcdcomment/ {
            proxy_pass http://172.16.50.73:9997/;
            proxy_redirect  http://172.16.50.73:9997/ https://uatbob-vfc.kevin.com/devxcd/xcdcomment/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 600;
            proxy_buffer_size 256k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_temp_file_write_size 256k;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            proxy_max_temp_file_size 128m;
            }
    
     location  /fvtxcd/xcdcomment/  {
            proxy_pass http://172.16.50.73:9997/;
            proxy_redirect  http://172.16.50.73:9997/ https://uatbob-vfc.kevin.com/fvtxcd/xcdcomment/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 600;
            proxy_buffer_size 256k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_temp_file_write_size 256k;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            proxy_max_temp_file_size 128m;
            }
    
     location  /uatxcd/xcdcomment/  {
            proxy_pass http://172.16.50.73:9997/;
            proxy_redirect  http://172.16.50.73:9997/ https://uatbob-vfc.kevin.com/uatxcd/xcdcomment/;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_connect_timeout 300;
            proxy_send_timeout 300;
            proxy_read_timeout 600;
            proxy_buffer_size 256k;
            proxy_buffers 4 256k;
            proxy_busy_buffers_size 256k;
            proxy_temp_file_write_size 256k;
            proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504 http_404;
            proxy_max_temp_file_size 128m;
            }
    }
    
    After the change, requests gave:
    https://uatbob-vfc.kevin.com/devxcd/xcdcomment/images/example_doorPlate.jpg    opens normally
    https://uatbob-vfc.kevin.com/fvtxcd/xcdcomment/images/example_doorPlate.jpg    opens normally
    https://uatbob-vfc.kevin.com/uatxcd/xcdcomment/images/example_doorPlate.jpg    opens normally
  • Original article: https://www.cnblogs.com/kevingrace/p/8073646.html