Using nginx regex location matching to dynamically map URIs to different ports for multiple reverse proxies


Problem description

I'm using nginx to create a reverse proxy to a web app that may be behind a firewall. For my initial proof of concept I used the following location block to ensure it worked.

    location / {
            proxy_pass https://localhost:2222;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
    }

I open up my reverse tunnel on my web app with ssh -f -N -T -R2222:localhost:443 user@nginx-ip. This works exactly as I like. I type in my nginx-ip into my browser and I get the https traffic from my web app but obfuscated by the nginx-ip, etc.

I want to allow potentially a few thousand reverse tunnels though across a few thousand ports (instead of just 2222 in the above case). Reading up on nginx, I thought to use regular expressions to dynamically use a URI containing the port number to proxy_pass to that specific port.

That is, I'd like https://nginx-ip/2222/ to proxy_pass https://localhost:2222; and I'd like https://nginx-ip/1111/ to proxy_pass https://localhost:1111;.

I've tried quite a few variations, but as far as I've been able to reason, I've landed on thinking this should work:

    location ~* ^/(\d+) {
            proxy_pass https://localhost:$1;
            proxy_set_header Host $host;
            proxy_set_header X-Forwarded-For $remote_addr;
    }

It doesn't. I get a 502 Bad Gateway in my browser and the error log gives me:

2016/05/31 21:02:36 [error] 6188#0: *3584 no resolver defined to resolve localhost, client: {my-client-ip}, server: localhost, request: "GET /2222/ HTTP/1.1", host: "{nginx-ip}"

When I use 127.0.0.1 instead of localhost I get a 404. The webpage says

Not Found The requested URL /2222/ was not found on this server.

Is what I'm attempting possible with nginx configuration?

To reiterate, I would like to be able to initiate many (thousands) unique reverse tunnels through an nginx web server. My initial thought was to vary the outgoing ports of the nginx server based on what other web app I want to proxy through, and to assign the request to my nginx server to a different port by a port in the URI (extracting it via regex).

Recommended answer

To solve my problem, and with the help of @Cirdec I ended up going a different direction.

Instead of using the path in the URI to reference the port, I was successful using the port as a subdomain. That is, 1111.my-host-name will send things through the reverse proxy on 127.0.0.1 (localhost) on port 1111. This requires enlisting some DNS wildcarding to help with some of the heavy lifting (of note: wildcard DNS matching in /etc/hosts will not work, but you can hard code a few entries to test that it works).

Excerpt from my /etc/hosts file:

    nginx-box-ip-address     2222.my-host-name
    nginx-box-ip-address     1111.my-host-name

This paired with nginx config:

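    server {
        listen 443;
        # The subdomain is captured as the upstream port. The dot is escaped so it
        # matches only a literal ".", and + requires at least one digit.
        server_name ~^(?<port_subdomain>[0-9]+)\.my-host-name$;

        # NOTE: omitted extra ssl configuration lines

        location / {
                # Forward to the reverse tunnel listening on that loopback port
                proxy_pass https://127.0.0.1:$port_subdomain;
                proxy_set_header Host $host;
                proxy_set_header X-Forwarded-For $remote_addr;
        }
    }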

Now I can have my web app open up reverse proxy tunnels to arbitrary ports on my nginx box (my-host-name) and reach them through a subdomain.

Step-by-step example:

  • On one of my web app boxes, I open up a reverse tunnel to port 2222 on my nginx box (my-host-name) with ssh -f -N -T -R2222:localhost:443 user@my-host-name
  • On a different web app box I can open up a different tunnel to the same nginx box (my-host-name), say port 1111 by running ssh -f -N -T -R1111:localhost:443 user@my-host-name on the different web app box
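
An added example, not part of the original answer: in the config above the upstream port comes straight from the client-supplied Host header, so nginx will proxy to any loopback port a client names, not only the ports that carry tunnels. This variant allowlists a tunnel range through a map; the range 20000-29999 and the variable name $tunnel_port are assumptions, and the ssh -R commands would have to use ports in that range.

```nginx
# Added example, not the answer author's config.
# The map block belongs in the http {} context.
map $host $tunnel_port {
    # Any Host that does not match an allowed pattern maps to the empty string.
    default "";

    # Assumed tunnel range: exactly five digits starting with 2 (20000-29999).
    # The regex is quoted because it contains { }, and the dot is escaped.
    "~^(?<p>2[0-9]{4})\.my-host-name$" $p;
}

server {
    listen 443 ssl;
    server_name ~^[0-9]+\.my-host-name$;

    # NOTE: ssl_certificate / ssl_certificate_key lines omitted, as in the answer

    # Numeric subdomain outside the allowed range: close the connection
    # without sending a response instead of proxying to that loopback port.
    if ($tunnel_port = "") {
        return 444;
    }

    location / {
        proxy_pass https://127.0.0.1:$tunnel_port;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $remote_addr;
    }
}
```

Because the upstream address is a literal IP, no resolver directive is needed even though proxy_pass contains a variable.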