类似 Minio 的 S3 服务器错误请求前的 nginx 代理

nginx proxy in front of Minio-like S3 server bad request

我的实验室本地网络上有一个类似 Minio 的 S3 服务器,该服务器在 LAN 上本地公开,可通过 http://s3.corph.mouradcloud.com 访问 这个 Minio 公开了用于对象存储的 S3 API。出于安全和性能目的,我添加了 nginx 代理,我想将其作为 http://s3.mouradcloud.com

公开给互联网

本地访问在 http://s3.corph.mouradcloud.com 上工作正常,但是,我一直收到错误的请求消息和一条奇怪的消息,告诉我请求已发送到 https.. 而目前一切都只是 Http。

我使用了minio的文档here and alos tried the Whosebug thread here

两种解决方案均无效。

这是我的 Nginx 配置:

    server {
     listen 80;
     server_name s3.mouradcloud.com;
     access_log /var/log/nginx/s3.mouradcloud.access.log ;
     error_log /var/log/nginx/s3.mouradcloud.errot.log debug;
     ignore_invalid_headers off;
     client_max_body_size 0;
     proxy_buffering off;

     location / {
       proxy_set_header X-Real-IP $remote_addr;
       proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header X-Forwarded-Proto $scheme;
       proxy_set_header Host $http_host;
       proxy_connect_timeout 300;
       proxy_http_version 1.1;
       proxy_set_header Connection "";
       chunked_transfer_encoding off;
       proxy_pass http://s3.corph.mouradcloud.com;
     }

    }

这是简单浏览器获取请求收到的错误日志:

        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Host: s3.mouradcloud.com"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept-Language: en-US,en;q=0.5"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept-Encoding: gzip, deflate"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Connection: keep-alive"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Upgrade-Insecure-Requests: 1"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header done
        2020/03/25 16:47:50 [info] 29649#29649: *11110 client sent plain HTTP request to HTTPS port while reading client request headers, client: 176.187.156.60, server: s3.mouradcloud.com, request: "GET / HTTP/1.1", host: "s3.mouradcloud.com"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http finalize request: 497, "/?" a:1, c:1
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 event timer del: 7: 353020654
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http special response: 497, "/?"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http set discard body
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 xslt filter header
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 HTTP/1.1 400 Bad Request
        Server: nginx/1.14.0 (Ubuntu)
        Date: Wed, 25 Mar 2020 16:47:50 GMT
        Content-Type: text/html
        Content-Length: 280
        Connection: close

        2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:1 f:0 0000556138469CB0, pos 0000556138469CB0, size: 161 file: 0, size: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter: l:0 f:0 s:161
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http output filter "/?"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http copy filter: "/?"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 image filter
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 xslt filter body
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http postpone filter "/?" 00005561384ECE10
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 write old buf t:1 f:0 0000556138469CB0, pos 0000556138469CB0, size: 161 file: 0, size: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:0 f:0 0000000000000000, pos 0000556137684D60, size: 218 file: 0, size: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:0 f:0 0000000000000000, pos 00005561376860A0, size: 62 file: 0, size: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter: l:1 f:0 s:441
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter limit 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 writev: 441 of 441
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter 0000000000000000
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http copy filter: 0 "/?"
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http finalize request: 0, "/?" a:1, c:1
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http request count:1 blk:0
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http close request
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 http log handler
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 0000556138468E90, unused: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384ECA30, unused: 2848
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 close http connection: 7
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 reusable connection: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384BAB80
        2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384437C0, unused: 136
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Host: s3.mouradcloud.com"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept: image/webp,*/*"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept-Language: en-US,en;q=0.5"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept-Encoding: gzip, deflate"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Connection: keep-alive"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header done
        2020/03/25 16:47:50 [info] 29649#29649: *11111 client sent plain HTTP request to HTTPS port while reading client request headers, client: 176.187.156.60, server: s3.mouradcloud.com, request: "GET /favicon.ico HTTP/1.1", host: "s3.mouradcloud.com"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http finalize request: 497, "/favicon.ico?" a:1, c:1
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 event timer del: 15: 353020666
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http special response: 497, "/favicon.ico?"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http set discard body
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 xslt filter header
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 HTTP/1.1 400 Bad Request
        Server: nginx/1.14.0 (Ubuntu)
        Date: Wed, 25 Mar 2020 16:47:50 GMT
        Content-Type: text/html
        Content-Length: 280
        Connection: close

        2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:1 f:0 0000556138469C98, pos 0000556138469C98, size: 161 file: 0, size: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter: l:0 f:0 s:161
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http output filter "/favicon.ico?"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http copy filter: "/favicon.ico?"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 image filter
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 xslt filter body
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http postpone filter "/favicon.ico?" 0000556138469E78
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 write old buf t:1 f:0 0000556138469C98, pos 0000556138469C98, size: 161 file: 0, size: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:0 f:0 0000000000000000, pos 0000556137684D60, size: 218 file: 0, size: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:0 f:0 0000000000000000, pos 00005561376860A0, size: 62 file: 0, size: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter: l:1 f:0 s:441
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter limit 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 writev: 441 of 441
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter 0000000000000000
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http copy filter: 0 "/favicon.ico?"
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http finalize request: 0, "/favicon.ico?" a:1, c:1
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http request count:1 blk:0
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http close request
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 http log handler
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 0000556138468E90, unused: 8
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384ECA30, unused: 2853
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 close http connection: 15
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 reusable connection: 0
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384BAB80
        2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384F3D50, unused: 136

好吧,我得到了答案。我使用了来自云服务器 scality 的解决方案,实际上这与后端存储有关。 实际上你必须添加:

  • Nginx 上的 SSL(使用 certbot 很容易)
  • 在scality的后端存储中,你必须:

    docker exec -it f8b1045ec132 bash
    cd conf/
    cat config.json
    rm config.json 
    json='{"port": 8000,"log": {"logLevel": "info","dumpLevel": "error"},"restEndpoints": {"localhost": "true","127.0            .0.1": "true","s3.mouradcloud.com": "true","s3.corph.mouradcloud.com": "true"  }}'
    echo $json > config.json
    exit # fron the container context 
    #stop and start the container again 
    docker stop f8b1045ec132 
    docker start f8b1045ec132