类似 Minio 的 S3 服务器错误请求前的 nginx 代理
nginx proxy in front of Minio-like S3 server bad request
我的实验室本地网络上有一个类似 Minio 的 S3 服务器,该服务器在 LAN 上本地公开,可通过 http://s3.corph.mouradcloud.com 访问
这个 Minio 公开了用于对象存储的 S3 API。出于安全和性能目的,我添加了 nginx 代理,我想将其作为 http://s3.mouradcloud.com
公开给互联网
本地访问在 http://s3.corph.mouradcloud.com 上工作正常,但是,我一直收到错误的请求消息和一条奇怪的消息,告诉我请求已发送到 https.. 而目前一切都只是 Http。
我使用了minio的文档here and alos tried the Whosebug thread here
两种解决方案均无效。
这是我的 Nginx 配置:
server {
listen 80;
server_name s3.mouradcloud.com;
access_log /var/log/nginx/s3.mouradcloud.access.log ;
error_log /var/log/nginx/s3.mouradcloud.errot.log debug;
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://s3.corph.mouradcloud.com;
}
}
这是简单浏览器获取请求收到的错误日志:
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Host: s3.mouradcloud.com"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept-Language: en-US,en;q=0.5"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept-Encoding: gzip, deflate"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Connection: keep-alive"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Upgrade-Insecure-Requests: 1"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header done
2020/03/25 16:47:50 [info] 29649#29649: *11110 client sent plain HTTP request to HTTPS port while reading client request headers, client: 176.187.156.60, server: s3.mouradcloud.com, request: "GET / HTTP/1.1", host: "s3.mouradcloud.com"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http finalize request: 497, "/?" a:1, c:1
2020/03/25 16:47:50 [debug] 29649#29649: *11110 event timer del: 7: 353020654
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http special response: 497, "/?"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http set discard body
2020/03/25 16:47:50 [debug] 29649#29649: *11110 xslt filter header
2020/03/25 16:47:50 [debug] 29649#29649: *11110 HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 25 Mar 2020 16:47:50 GMT
Content-Type: text/html
Content-Length: 280
Connection: close
2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:1 f:0 0000556138469CB0, pos 0000556138469CB0, size: 161 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter: l:0 f:0 s:161
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http output filter "/?"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http copy filter: "/?"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 image filter
2020/03/25 16:47:50 [debug] 29649#29649: *11110 xslt filter body
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http postpone filter "/?" 00005561384ECE10
2020/03/25 16:47:50 [debug] 29649#29649: *11110 write old buf t:1 f:0 0000556138469CB0, pos 0000556138469CB0, size: 161 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:0 f:0 0000000000000000, pos 0000556137684D60, size: 218 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:0 f:0 0000000000000000, pos 00005561376860A0, size: 62 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter: l:1 f:0 s:441
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter limit 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 writev: 441 of 441
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter 0000000000000000
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http copy filter: 0 "/?"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http finalize request: 0, "/?" a:1, c:1
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http request count:1 blk:0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http close request
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http log handler
2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 0000556138468E90, unused: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384ECA30, unused: 2848
2020/03/25 16:47:50 [debug] 29649#29649: *11110 close http connection: 7
2020/03/25 16:47:50 [debug] 29649#29649: *11110 reusable connection: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384BAB80
2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384437C0, unused: 136
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Host: s3.mouradcloud.com"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept: image/webp,*/*"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept-Language: en-US,en;q=0.5"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept-Encoding: gzip, deflate"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Connection: keep-alive"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header done
2020/03/25 16:47:50 [info] 29649#29649: *11111 client sent plain HTTP request to HTTPS port while reading client request headers, client: 176.187.156.60, server: s3.mouradcloud.com, request: "GET /favicon.ico HTTP/1.1", host: "s3.mouradcloud.com"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http finalize request: 497, "/favicon.ico?" a:1, c:1
2020/03/25 16:47:50 [debug] 29649#29649: *11111 event timer del: 15: 353020666
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http special response: 497, "/favicon.ico?"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http set discard body
2020/03/25 16:47:50 [debug] 29649#29649: *11111 xslt filter header
2020/03/25 16:47:50 [debug] 29649#29649: *11111 HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 25 Mar 2020 16:47:50 GMT
Content-Type: text/html
Content-Length: 280
Connection: close
2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:1 f:0 0000556138469C98, pos 0000556138469C98, size: 161 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter: l:0 f:0 s:161
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http output filter "/favicon.ico?"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http copy filter: "/favicon.ico?"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 image filter
2020/03/25 16:47:50 [debug] 29649#29649: *11111 xslt filter body
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http postpone filter "/favicon.ico?" 0000556138469E78
2020/03/25 16:47:50 [debug] 29649#29649: *11111 write old buf t:1 f:0 0000556138469C98, pos 0000556138469C98, size: 161 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:0 f:0 0000000000000000, pos 0000556137684D60, size: 218 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:0 f:0 0000000000000000, pos 00005561376860A0, size: 62 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter: l:1 f:0 s:441
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter limit 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 writev: 441 of 441
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter 0000000000000000
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http copy filter: 0 "/favicon.ico?"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http finalize request: 0, "/favicon.ico?" a:1, c:1
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http request count:1 blk:0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http close request
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http log handler
2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 0000556138468E90, unused: 8
2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384ECA30, unused: 2853
2020/03/25 16:47:50 [debug] 29649#29649: *11111 close http connection: 15
2020/03/25 16:47:50 [debug] 29649#29649: *11111 reusable connection: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384BAB80
2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384F3D50, unused: 136
好吧,我得到了答案。我使用了来自云服务器 scality 的解决方案,实际上这与后端存储有关。
实际上你必须添加:
- Nginx 上的 SSL(使用 certbot 很容易)
在scality的后端存储中,你必须:
docker exec -it f8b1045ec132 bash
cd conf/
cat config.json
rm config.json
json='{"port": 8000,"log": {"logLevel": "info","dumpLevel": "error"},"restEndpoints": {"localhost": "true","127.0 .0.1": "true","s3.mouradcloud.com": "true","s3.corph.mouradcloud.com": "true" }}'
echo $json > config.json
exit # fron the container context
#stop and start the container again
docker stop f8b1045ec132
docker start f8b1045ec132
我的实验室本地网络上有一个类似 Minio 的 S3 服务器,该服务器在 LAN 上本地公开,可通过 http://s3.corph.mouradcloud.com 访问 这个 Minio 公开了用于对象存储的 S3 API。出于安全和性能目的,我添加了 nginx 代理,我想将其作为 http://s3.mouradcloud.com
公开给互联网本地访问在 http://s3.corph.mouradcloud.com 上工作正常,但是,我一直收到错误的请求消息和一条奇怪的消息,告诉我请求已发送到 https.. 而目前一切都只是 Http。
我使用了minio的文档here and alos tried the Whosebug thread here
两种解决方案均无效。
这是我的 Nginx 配置:
server {
listen 80;
server_name s3.mouradcloud.com;
access_log /var/log/nginx/s3.mouradcloud.access.log ;
error_log /var/log/nginx/s3.mouradcloud.errot.log debug;
ignore_invalid_headers off;
client_max_body_size 0;
proxy_buffering off;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_connect_timeout 300;
proxy_http_version 1.1;
proxy_set_header Connection "";
chunked_transfer_encoding off;
proxy_pass http://s3.corph.mouradcloud.com;
}
}
这是简单浏览器获取请求收到的错误日志:
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Host: s3.mouradcloud.com"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,*/*;q=0.8"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept-Language: en-US,en;q=0.5"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Accept-Encoding: gzip, deflate"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Connection: keep-alive"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header: "Upgrade-Insecure-Requests: 1"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http header done
2020/03/25 16:47:50 [info] 29649#29649: *11110 client sent plain HTTP request to HTTPS port while reading client request headers, client: 176.187.156.60, server: s3.mouradcloud.com, request: "GET / HTTP/1.1", host: "s3.mouradcloud.com"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http finalize request: 497, "/?" a:1, c:1
2020/03/25 16:47:50 [debug] 29649#29649: *11110 event timer del: 7: 353020654
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http special response: 497, "/?"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http set discard body
2020/03/25 16:47:50 [debug] 29649#29649: *11110 xslt filter header
2020/03/25 16:47:50 [debug] 29649#29649: *11110 HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 25 Mar 2020 16:47:50 GMT
Content-Type: text/html
Content-Length: 280
Connection: close
2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:1 f:0 0000556138469CB0, pos 0000556138469CB0, size: 161 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter: l:0 f:0 s:161
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http output filter "/?"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http copy filter: "/?"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 image filter
2020/03/25 16:47:50 [debug] 29649#29649: *11110 xslt filter body
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http postpone filter "/?" 00005561384ECE10
2020/03/25 16:47:50 [debug] 29649#29649: *11110 write old buf t:1 f:0 0000556138469CB0, pos 0000556138469CB0, size: 161 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:0 f:0 0000000000000000, pos 0000556137684D60, size: 218 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 write new buf t:0 f:0 0000000000000000, pos 00005561376860A0, size: 62 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter: l:1 f:0 s:441
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter limit 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 writev: 441 of 441
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http write filter 0000000000000000
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http copy filter: 0 "/?"
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http finalize request: 0, "/?" a:1, c:1
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http request count:1 blk:0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http close request
2020/03/25 16:47:50 [debug] 29649#29649: *11110 http log handler
2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 0000556138468E90, unused: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384ECA30, unused: 2848
2020/03/25 16:47:50 [debug] 29649#29649: *11110 close http connection: 7
2020/03/25 16:47:50 [debug] 29649#29649: *11110 reusable connection: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384BAB80
2020/03/25 16:47:50 [debug] 29649#29649: *11110 free: 00005561384437C0, unused: 136
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Host: s3.mouradcloud.com"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept: image/webp,*/*"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept-Language: en-US,en;q=0.5"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Accept-Encoding: gzip, deflate"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header: "Connection: keep-alive"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http header done
2020/03/25 16:47:50 [info] 29649#29649: *11111 client sent plain HTTP request to HTTPS port while reading client request headers, client: 176.187.156.60, server: s3.mouradcloud.com, request: "GET /favicon.ico HTTP/1.1", host: "s3.mouradcloud.com"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http finalize request: 497, "/favicon.ico?" a:1, c:1
2020/03/25 16:47:50 [debug] 29649#29649: *11111 event timer del: 15: 353020666
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http special response: 497, "/favicon.ico?"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http set discard body
2020/03/25 16:47:50 [debug] 29649#29649: *11111 xslt filter header
2020/03/25 16:47:50 [debug] 29649#29649: *11111 HTTP/1.1 400 Bad Request
Server: nginx/1.14.0 (Ubuntu)
Date: Wed, 25 Mar 2020 16:47:50 GMT
Content-Type: text/html
Content-Length: 280
Connection: close
2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:1 f:0 0000556138469C98, pos 0000556138469C98, size: 161 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter: l:0 f:0 s:161
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http output filter "/favicon.ico?"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http copy filter: "/favicon.ico?"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 image filter
2020/03/25 16:47:50 [debug] 29649#29649: *11111 xslt filter body
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http postpone filter "/favicon.ico?" 0000556138469E78
2020/03/25 16:47:50 [debug] 29649#29649: *11111 write old buf t:1 f:0 0000556138469C98, pos 0000556138469C98, size: 161 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:0 f:0 0000000000000000, pos 0000556137684D60, size: 218 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 write new buf t:0 f:0 0000000000000000, pos 00005561376860A0, size: 62 file: 0, size: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter: l:1 f:0 s:441
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter limit 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 writev: 441 of 441
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http write filter 0000000000000000
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http copy filter: 0 "/favicon.ico?"
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http finalize request: 0, "/favicon.ico?" a:1, c:1
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http request count:1 blk:0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http close request
2020/03/25 16:47:50 [debug] 29649#29649: *11111 http log handler
2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 0000556138468E90, unused: 8
2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384ECA30, unused: 2853
2020/03/25 16:47:50 [debug] 29649#29649: *11111 close http connection: 15
2020/03/25 16:47:50 [debug] 29649#29649: *11111 reusable connection: 0
2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384BAB80
2020/03/25 16:47:50 [debug] 29649#29649: *11111 free: 00005561384F3D50, unused: 136
好吧,我得到了答案。我使用了来自云服务器 scality 的解决方案,实际上这与后端存储有关。 实际上你必须添加:
- Nginx 上的 SSL(使用 certbot 很容易)
在scality的后端存储中,你必须:
docker exec -it f8b1045ec132 bash cd conf/ cat config.json rm config.json json='{"port": 8000,"log": {"logLevel": "info","dumpLevel": "error"},"restEndpoints": {"localhost": "true","127.0 .0.1": "true","s3.mouradcloud.com": "true","s3.corph.mouradcloud.com": "true" }}' echo $json > config.json exit # fron the container context #stop and start the container again docker stop f8b1045ec132 docker start f8b1045ec132