Nginx 反向代理子目录重写 sourcegraph [英] Nginx reverse proxy subdirectory rewrites for sourcegraph

问题描述

我正在尝试使用反向代理添加 SSL 证书，在我的域的子目录上提供自托管 Sourcegraph 服务器.

目标是让 http://example.org/source 为 sourcegraph 服务器提供服务

我的重写和反向代理如下所示:

 位置/source {proxy_set_header 主机 $host;proxy_set_header X-Real-IP $remote_addr;proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;proxy_set_header X-Scheme $scheme;重写 ^/source/?(.*)/$1 break;proxy_pass http://localhost:8108;}

我遇到的问题是，在调用 http://example.org/source 后，我被重定向到http://example.org/sign-in?returnTo=%2F>

有没有办法将sourcegraph的响应改写到正确的子目录?

另外，我可以在哪里调试重写指令?我想关注它所做的更改以更好地理解它.

--

我知道我使用 rewrite 的方法可能是错误的，我现在正在尝试 sub_filter 模块.

我使用 tcpdump 捕获了 sourcegraph 的响应并使用 wireshark 进行了分析，所以我在:

GET/sourcegraph/HTTP/1.0主持人:127.0.0.1:8108连接:关闭升级不安全请求:1DNT:1用户代理:Mozilla/5.0(Windows NT 10.0；Win64；x64)AppleWebKit/537.36(KHTML，如 Gecko)Chrome/67.0.3396.99 Safari/537.36接受:text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8推荐人:https://example.org/接受编码:gzip、deflate、br接受语言: de,en-US;q=0.9,en;q=0.8Cookie: sidebar_collapsed=false;发现 HTTP/1.0 302缓存控制:无缓存，max-age=0内容类型:文本/html；字符集=utf-8位置:/sign-in?returnTo=%2Fsourcegraph%2F严格传输安全:max-age=31536000变化:饼干X-Content-Type-Options: nosniffX-Frame-选项:拒绝X-Trace:#tracer-not-enabledX-Xss-保护:1；模式=块日期:2018 年 7 月 7 日星期六 13:59:06 GMT内容长度:58<a href="/sign-in?returnTo=%2Fsourcegraph%2F">找到</a>.

解决方案

在这里使用 rewrite 会导致额外的处理开销，完全没有必要.

proxy_pass 是这样工作的:

proxy_pass 到一个裸 url，即在域/ip/端口和完整的客户端请求 uri 被添加到末尾并传递给代理之后什么都没有.

添加任何内容，即使只是对 proxy_pass 的斜线，您添加的任何内容都会替换与该位置块的 uri 匹配的客户端请求 uri 部分.

因此，如果您想丢失客户端请求的源代码部分，它需要如下所示:

location/source/{proxy_pass http://localhost:8108/;.....}

现在请求将像这样代理:

example.com/source/ ->本地主机:8108/

example.com/source/files/file.txt ->localhost:8108/files/file.txt

需要指出的是，Nginx 不只是从请求中删除 /source/，而是替换了我的整个 proxy_pass URI，这不是很清楚尾部斜杠，以便更好地说明我们是否将 proxy_pass 更改为:

proxy_pass http://localhost:8108/graph/; 那么请求现在是这样处理的:

example.com/source/ ->localhost:8108/graph/

example.com/source/files/file.txt ->localhost:8108/graph/files/file.txt

如果您想知道如果有人请求 example.com/source 会发生什么，只要您没有将 merge_slashes 指令设置为关闭，因为 Nginx 将添加尾随/到代理请求.

I'm trying to have a self hosted sourcegraph server being served on a subdirectory of my domain using a reverse proxy to add an SSL cert.

The target is to have http://example.org/source serve the sourcegraph server

My rewrites and reverse proxy look like this:

  location /source {
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Scheme $scheme;

    rewrite ^/source/?(.*) /$1 break;
    proxy_pass http://localhost:8108;
  }

The problem I am having is that upon calling http://example.org/source I get redirected to http://example.org/sign-in?returnTo=%2F

Is there a way to rewrite the response of sourcegraph to the correct subdirectory?

Additionally, where can I debug the rewrite directive? I would like to follow the changes it does to understand it better.

-- Edit:

I know my approach is probably wrong using rewrite and I'm trying the sub_filter module right now.

I captured the response of sourcegraph using tcpdump and analyzed using wireshark so I am at:

GET /sourcegraph/ HTTP/1.0
Host: 127.0.0.1:8108
Connection: close
Upgrade-Insecure-Requests: 1
DNT: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8
Referer: https://example.org/
Accept-Encoding: gzip, deflate, br
Accept-Language: de,en-US;q=0.9,en;q=0.8
Cookie: sidebar_collapsed=false; 

HTTP/1.0 302 Found
Cache-Control: no-cache, max-age=0
Content-Type: text/html; charset=utf-8
Location: /sign-in?returnTo=%2Fsourcegraph%2F
Strict-Transport-Security: max-age=31536000
Vary: Cookie
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-Trace: #tracer-not-enabled
X-Xss-Protection: 1; mode=block
Date: Sat, 07 Jul 2018 13:59:06 GMT
Content-Length: 58

<a href="/sign-in?returnTo=%2Fsourcegraph%2F">Found</a>.

解决方案

Using rewrite here causes extra processing overhead and is totally unnecessary.

proxy_pass works like this:

proxy_pass to a naked url, i.e. nothing at all after domain/ip/port and the full client request uri gets added to the end and passed to the proxy.

Add anything, even just a slash to the proxy_pass and whatever you add replaces the part of the client request uri which matches the uri of that location block.

so if you want to lose the source part of your client request it needs to look like this:

location /source/ {
    proxy_pass http://localhost:8108/;
    .....
}

Now requests will be proxied like this:

example.com/source/ -> localhost:8108/

example.com/source/files/file.txt -> localhost:8108/files/file.txt

It's important to point out that Nginx isn't just dropping /source/ from the request, it's substituting my entire proxy_pass URI, It's not as clear when that's just a trailing slash, so to better illustrate if we change proxy_pass to this:

proxy_pass http://localhost:8108/graph/; then the requests are now processed like this:

example.com/source/ -> localhost:8108/graph/

example.com/source/files/file.txt -> localhost:8108/graph/files/file.txt

If you are wondering what happens if someone requests example.com/source this works providing you have not set the merge_slashes directive to off as Nginx will add the trailing / to proxied requests.

这篇关于Nginx 反向代理子目录重写 sourcegraph的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！