Nginx反向代理配置使Mojolicious $self->req->url->to_abs丢弃端口号
Nginx reverse proxy configuration makes Mojolicious $self->req->url->to_abs discard the port number
卡在 "quick and dirty" 网络资源 link 共享功能的实现中,它应该根据以下场景工作:
- 用户列出数据库中的项目,点击编辑
- 系统打开所选应用程序的编辑模式对话框
- 系统在 this 应用程序实例中显示 link 到 this 项目,以便用户通过几个选项卡可以按 Ctrl + C 或 Cmd + C 吗...
所以我在 mojolicious 模板中有以下代码,Mojolicious 完美地将其转换为正确的绝对 url,而 运行 没有 nginx 反向代理:
<input id="modal-dia-share-lnk" @focus="this.document.execCommand('selectAll',false,null)"
:value="'<%= $self->req->url->to_abs =%>?&'+'with=id-eq-'+this.$attrs.id.replace('dia-','')" readonly>
翻译成这样:
http://host-name:8082/qto/list/monthly_issues_202004?&with=id-eq-200327122837
有端口
但是,虽然 运行 在反向代理后面,但它忽略了端口,所以即使我 运行 在端口 441 上
生成的 url 是 NOT 是否有端口
http://qto.fi/qto/list/monthly_issues_202004?&with=id-eq-200325163720
这 setup 有点不可接受,因为 dev 的 Mojo 应用程序层必须监听端口 441 和 prd 的 Mojo 应用层必须监听端口 443
您实际上可以在以下两种情况下获得场景:
只需单击“确定”即可使用默认匿名用户登录...
我可以根据应用程序的现有配置构建 url,但我想应该有快速的 nginx hack 来实际包含端口以及位置指令中的一些正则表达式或其他东西.. .
这是反向代理conf:
server {
listen 443 ssl;
server_name qto.fi;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/qto.fi/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qto.fi/privkey.pem;
location / {
proxy_pass http://localhost:8080/;
proxy_http_version 1.1;
proxy_pass_header Authorization;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 10s;
}
}
开发站点还有以下 http conf:
server {
listen 78;
listen [::]:78;
server_name qto.fi;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://localhost:8078/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
# ....
}
}
在 nginx 反向代理 conf 中将端口添加到主机 header:
proxy_set_header Host $host:443;
或
proxy_set_header Host $host:$server_port;
一种变通方法,基于 of ttubrian,
但仍然不完全是真正的解决方案
通过proxy_set_header Host $host:78;
构建url
因此 https conf 将如下所示:
server {
listen 441 ssl;
server_name qto.fi;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/qto.fi/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qto.fi/privkey.pem;
location / {
proxy_pass http://localhost:8078/;
proxy_http_version 1.1;
proxy_pass_header Authorization;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Scheme $scheme;
proxy_set_header Host $host:78;
proxy_read_timeout 10s;
}
}
生成以下类型的 url:
http://qto.fi:78/qto/list/problems?&with=id-eq-200325184202
并在 http dev conf 中添加 http -> https 实施:
return 301 https://$host:441$request_uri;
所以 dev conf 将如下所示:
server {
listen 78;
listen [::]:78;
server_name qto.fi;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
return 301 https://$host:441$request_uri;
location / {
proxy_pass http://localhost:8078/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
卡在 "quick and dirty" 网络资源 link 共享功能的实现中,它应该根据以下场景工作:
- 用户列出数据库中的项目,点击编辑
- 系统打开所选应用程序的编辑模式对话框
- 系统在 this 应用程序实例中显示 link 到 this 项目,以便用户通过几个选项卡可以按 Ctrl + C 或 Cmd + C 吗...
所以我在 mojolicious 模板中有以下代码,Mojolicious 完美地将其转换为正确的绝对 url,而 运行 没有 nginx 反向代理:
<input id="modal-dia-share-lnk" @focus="this.document.execCommand('selectAll',false,null)"
:value="'<%= $self->req->url->to_abs =%>?&'+'with=id-eq-'+this.$attrs.id.replace('dia-','')" readonly>
翻译成这样:
http://host-name:8082/qto/list/monthly_issues_202004?&with=id-eq-200327122837
有端口
但是,虽然 运行 在反向代理后面,但它忽略了端口,所以即使我 运行 在端口 441 上
生成的 url 是 NOT 是否有端口
http://qto.fi/qto/list/monthly_issues_202004?&with=id-eq-200325163720
这 setup 有点不可接受,因为 dev 的 Mojo 应用程序层必须监听端口 441 和 prd 的 Mojo 应用层必须监听端口 443
您实际上可以在以下两种情况下获得场景:
只需单击“确定”即可使用默认匿名用户登录...
我可以根据应用程序的现有配置构建 url,但我想应该有快速的 nginx hack 来实际包含端口以及位置指令中的一些正则表达式或其他东西.. .
这是反向代理conf:
server {
listen 443 ssl;
server_name qto.fi;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/qto.fi/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qto.fi/privkey.pem;
location / {
proxy_pass http://localhost:8080/;
proxy_http_version 1.1;
proxy_pass_header Authorization;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_read_timeout 10s;
}
}
开发站点还有以下 http conf:
server {
listen 78;
listen [::]:78;
server_name qto.fi;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
location / {
proxy_pass http://localhost:8078/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;
# ....
}
}
在 nginx 反向代理 conf 中将端口添加到主机 header:
proxy_set_header Host $host:443;
或
proxy_set_header Host $host:$server_port;
一种变通方法,基于
通过proxy_set_header Host $host:78;
因此 https conf 将如下所示:
server {
listen 441 ssl;
server_name qto.fi;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/qto.fi/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/qto.fi/privkey.pem;
location / {
proxy_pass http://localhost:8078/;
proxy_http_version 1.1;
proxy_pass_header Authorization;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Scheme $scheme;
proxy_set_header Host $host:78;
proxy_read_timeout 10s;
}
}
生成以下类型的 url:
http://qto.fi:78/qto/list/problems?&with=id-eq-200325184202
并在 http dev conf 中添加 http -> https 实施:
return 301 https://$host:441$request_uri;
所以 dev conf 将如下所示:
server {
listen 78;
listen [::]:78;
server_name qto.fi;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $remote_addr;
return 301 https://$host:441$request_uri;
location / {
proxy_pass http://localhost:8078/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For
$proxy_add_x_forwarded_for;