【发布时间】:2022-01-06 04:14:50
【问题描述】:
我正在 AWS 应用程序负载均衡器后面设置 Nginx 反向代理服务器。 之所以需要 Nginx,是因为我们需要一个 AWS ALB,而 Nginx 将为多个 Vhost 进行路由。
我可以访问该网站,但收到错误日志
[info] 7385#7385:342 客户端在读取客户端请求行时发送了无效请求,客户端:10.16.224.212,服务器:~(.).xyz.com,请求:“PROXY TCP4 10.16.224.212 10.16.224.212 39064 80"
nginx 虚拟主机配置
server {
listen *:80 default_server ;
server_name ~(.*).example.com;
if ($blocked_user_agents = 'global') {
return 444;
}
underscores_in_headers on;
index index.html index.htm index.php;
access_log /var/log/nginx/www-tier.access.log main_ext;
error_log /var/log/nginx/www-tier.error.log info;
location /market/admin {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 444;
}
location /admin {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 444;
}
location ~*\/data\/(photos_list|results).asp {
root /usr/share/nginx/html;
index index.html index.htm index.php;
if ($arg_manager_id = "") {
return 301 https://example.com/oil/data/;
}
return 301 https://example/oil/data/$arg_manager_id;
}
location /jobs/search_job_results.asp {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 301 https://example/jobs/search_jobs.asp$is_args$args;
}
location /shared_code/sitecheck.asp {
proxy_pass http://www-servers;
proxy_set_header Host health-check.example.com;
root /usr/share/nginx/html;
index index.html index.htm index.php;
}
location ~*\/(h|cms-rest|\.well-known)\/.* {
root /usr/share/nginx/html;
index index.html index.htm index.php;
proxy_pass http://rz-cms-servers;
}
location ~*^\/oil\/jobs(.*) {
if ($blocked_user_agents = 'jobs') {
return 444;
}
root /usr/share/nginx/html;
index index.html index.htm index.php;
proxy_http_version 1.1;
proxy_pass http://www-servers;
proxy_set_header Host $host;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header remote_addr $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
}
location ~*^\/oil\/data(.*) {
return 301 https://example.com;
root /usr/share/nginx/html;
index index.html index.htm index.php;
}
location ~*\/data\/offshore_drilling_rigs\/(.*) {
rewrite ^([^.]*[^/])$ $1/ permanent;
root /usr/share/nginx/html;
index index.html index.htm index.php;
rewrite \/data\/offshore_drilling_rigs\/(.*) /oil/data/offshore-rig-search/rig-profile/$1 permanent;
}
location / {
modsecurity on;
modsecurity_rules_file /etc/nginx/modsec/main.conf;
if ($scanner_cookie != 0) {
add_header Set-Cookie ZEUS_SCANNER=$scanner_cookie;
}
proxy_pass http://www-servers;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header remote_addr $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
proxy_hide_header Server;
proxy_hide_header X-Powered-By;
proxy_hide_header X-AspNet-Version;
}
location ~*\/data\/(advanced_search|reports|photos).asp {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 301 https://example.com/oil/data/offshore-search/;
}
location ~*^\/jobs$|^\/jobs\/$|^\/jobs\/default.asp$ {
if ($blocked_user_agents = 'jobs') {
return 444;
}
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 301 https://example.com/oil/jobs/;
}
location /data/detail.asp {
root /usr/share/nginx/html;
index index.html index.htm index.php;
if ($arg_rig_id = "") {
return 301 https://example.com/oil/data/offshoresearch/;
}
return 301 https://example.com/oil/data/offshore-search//$arg_rig_id;
}
location ~*\/data\/utilization_.* {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 301 https://example.com/oil/data/utilization/;
}
location /jobs/search_resume_results.asp {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 301 https://example.com/jobs/search_resume.asp$is_args$args;
}
location ~*^/(data)$|~*^/(data/) {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 301 https://example.com/oil/data/;
}
location /jobs/jobs_list_by_skill_cat.asp {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 301 https://example.com/oil/jobs/categories/;
}
location ~*^/(images|market/appimages|search/featured/images|training/images|training/heavyoil/flash|training/images)/(.*) {
root /usr/share/nginx/html;
index index.html index.htm index.php;
proxy_buffering off;
proxy_hide_header x-amz-id-2;
proxy_hide_header x-amz-request-id;
proxy_hide_header Set-Cookie;
proxy_http_version 1.1;
proxy_ignore_headers Set-Cookie;
proxy_intercept_errors on;
proxy_pass http://s3-servers;
proxy_set_header Host dev-images.s3.amazonaws.com;
proxy_set_header Authorization "";
proxy_set_header Connection "";
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header remote_addr $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
}
location ~*\/investigation(|\/)$ {
root /usr/share/nginx/html;
index index.html index.htm index.php;
return 301 https://example.com/investigation.asp;
}
location ~*^/jobs/resumes(.*) {
root /usr/share/nginx/html;
index index.html index.htm index.php;
proxy_http_version 1.1;
proxy_pass http://www-servers;
proxy_set_header Host $host;
proxy_set_header Connection "";
proxy_set_header X-Real-IP $proxy_protocol_addr;
proxy_set_header remote_addr $proxy_protocol_addr;
proxy_set_header X-Forwarded-For $proxy_protocol_addr;
if ($has_internal_access != 'allowed') {
return 403;
}
}
}
【问题讨论】:
标签: nginx reverse-proxy nginx-reverse-proxy amazon-elb aws-application-load-balancer