Website is 404 not found with Varnish:80 and Nginx:8080
I followed several guides on how to set up Varnish (for example https://www.globo.tech/learning-center/set-up-varnish-ubuntu-16/), and all of them say to set Varnish to port 80 and Nginx to 8080.
So this is what we see with netstat -nlpt:

```
tcp   0  0 0.0.0.0:8080    0.0.0.0:*  LISTEN  12465/nginx.conf
tcp   0  0 0.0.0.0:80      0.0.0.0:*  LISTEN  12059/varnishd
tcp   0  0 0.0.0.0:443     0.0.0.0:*  LISTEN  12465/nginx.conf
tcp   0  0 127.0.0.1:6082  0.0.0.0:*  LISTEN  12059/varnishd
tcp6  0  0 :::80           :::*       LISTEN  12059/varnishd
tcp6  0  0 ::1:6082        :::*       LISTEN  12059/varnishd
```
This is my site's 100% complete nginx .config:

```
server {
    listen 127.0.0.1:8080;
    server_name example.com www.example.com;
    #return 301 https://www.example.com$request_uri; <--- had to remove this redirect because of the addition to default.vcl, with both enabled it gives infinite redirect loop.
}

server {
    listen 443;
    server_name example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5';
    ssl_dhparam /etc/nginx/ssl/dhparams.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_stapling on;
    ssl_stapling_verify on;
    add_header Strict-Transport-Security max-age=15768000;

    root /var/www/example.com/htdocs;
    server_name example.com www.example.com;

    location / {
        #autoindex on;
        #try_files $uri $uri/ =404;
        proxy_pass http://127.0.0.1:80;
        proxy_read_timeout 90;
        proxy_connect_timeout 90;
        proxy_redirect off;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
    }

    location ~* /img/.*\.gif$ {
        expires 30d;
        add_header Pragma public;
        add_header Cache-Control "public";
    }
}
```
If I go to example.com, not only is the redirect to https and www broken, I just get 404 not found. All I did in the .conf was change 80 to 8080 on the top line. Varnish is actually caching the 404 as well:

```
curl --head -I example.com
HTTP/1.1 404 Not Found
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 11:01:56 GMT
Content-Type: text/html
Content-Length: 170
X-Varnish: 72 65
Age: 340
Via: 1.1 varnish-v4
Cache-Tags: HIT
Connection: keep-alive
```
And to load the site I have to type www.example.com. It redirects to https://www.example.com and the site loads, but Varnish does not cache it:

```
curl --head -I https://www.example.com
HTTP/1.1 200 OK
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 11:09:08 GMT
Content-Type: text/html
Content-Length: 478
Last-Modified: Fri, 17 Feb 2017 17:30:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "58a73323-1de"
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes
```
varnishd also gives:

```
Error: Cannot open socket: :80: Address already in use
```
varnishstat looks fine:

```
MAIN.uptime 0+00:30:07
MAIN.sess_conn 44 0.00 . 0.00 0.00 0.00
MAIN.client_req 74 0.00 . 0.00 0.00 0.00
MAIN.cache_hit 70 0.00 . 0.00 0.00 0.00
MAIN.cache_miss 4 0.00 . 0.00 0.00 0.00
MAIN.backend_reuse 3 0.00 . 0.00 0.00 0.00
MAIN.backend_recycle 6 0.00 . 0.00 0.00 0.00
MAIN.fetch_length 6 0.00 . 0.00 0.00 0.00
MAIN.pools 2 0.00 . 2.00 2.00 2.00
MAIN.threads 200 0.00 . 200.00 200.00 200.00
MAIN.threads_created 200 0.00 . 0.00 0.00 0.00
MAIN.n_object 4 0.00 . 4.00 4.00 4.00
MAIN.n_objectcore 5 0.00 . 5.00 5.00 5.00
MAIN.n_objecthead 6 0.00 . 6.00 6.00 6.00
MAIN.n_backend 1 0.00 . 1.00 1.00 1.00
MAIN.s_sess 44 0.00 . 0.00 0.00 0.00
MAIN.s_req 74 0.00 . 0.00 0.00 0.00
MAIN.s_fetch 4 0.00 . 0.00 0.00 0.00
MAIN.s_req_hdrbytes 24.54K 0.00 13.00 0.00 0.00 0.00
MAIN.s_resp_hdrbytes 15.99K 0.00 9.00 0.00 0.00 0.00
MAIN.s_resp_bodybytes 11.46K 0.00 6.00 0.00 0.00 0.00
MAIN.backend_req 6 0.00 . 0.00 0.00 0.00
MAIN.n_vcl 1 0.00 . 0.00 0.00 0.00
MAIN.bans 1 0.00 . 1.00 1.00 1.00
MAIN.vmods 2 0.00 . 2.00 2.00 2.00
MGT.uptime 0+00:30:07
SMA.s0.c_req 12 0.00 . 0.00 0.00 0.00
SMA.s0.c_bytes 2.68K 0.00 1.00 0.00 0.00 0.00
SMA.s0.c_freed 908 0.00 . 0.00 0.00 0.00
SMA.s0.g_alloc 8 0.00 . 8.00 8.00 8.00
SMA.s0.g_bytes 1.80K 0.00 . 1.80K 1.80K 1.80K
SMA.s0.g_space 256.00M 0.00 . 256.00M 256.00M 256.00M
VBE.boot.default.bereq_hdrbytes 1.61K 0.00 . 0.00 0.00 0.00
VBE.boot.default.beresp_hdrbytes 936 0.00 . 0.00 0.00 0.00
VBE.boot.default.beresp_bodybytes 1020 0.00 . 0.00 0.00 0.00
VBE.boot.default.conn 6 0.00 . 6.00 6.00 6.00
VBE.boot.default.req 6 0.00 . 0.00 0.00 0.00
```
Update:
I followed https://www.smashingmagazine.com/2015/09/https-everywhere-with-nginx-varnish-apache/ and added these to the config:

```
proxy_pass http://127.0.0.1:80;
proxy_read_timeout 90;
proxy_connect_timeout 90;
proxy_redirect off;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;
```

and these to the .vcl:

```
# handles redirecting from http to https
sub vcl_synth {
    if (resp.status == 750) {
        set resp.status = 301;
        set resp.http.Location = req.http.x-redir;
        return(deliver);
    }
}

if ( (req.http.host ~ "^(?i)smashing_ssl_one.tutorials.eoms") && req.http.X-Forwarded-Proto !~ "(?i)https") {
    set req.http.x-redir = "https://" + req.http.host + req.url;
    return (synth(750, ""));
}
```
Still 404, but at least Varnish is caching https:// now.

```
curl -I https://www.example.com/
HTTP/1.1 404 Not Found
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 12:58:47 GMT
Content-Type: text/html
Content-Length: 170
Connection: keep-alive
X-Varnish: 32849 32847
Age: 63
Via: 1.1 varnish-v4
X-Cache: HIT
```
While https://www.example.com/ is 404 not found, something like https://www.example.com/img/pic.png is found and the item loads, but it is not varnished.
Use the following nginx configuration to proxy 443:

```
server {
    listen 443 ssl;
    server_name www.example.com example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        proxy_pass http://127.0.0.1:80;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto https;
        proxy_set_header X-Forwarded-Port 443;
        proxy_set_header Host $host;
        proxy_connect_timeout 86400;
        proxy_send_timeout 86400;
        proxy_read_timeout 86400;
        send_timeout 86400;
        client_max_body_size 50m;
        client_body_buffer_size 16k;
    }

    location /.git {
        deny all;
        return 404;
    }
}
```
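
The curl captures in the question can be read mechanically. The following is an added example, not code from the original posts, that classifies each response head by whether Varnish served it from cache and flags cached error responses. The function names are hypothetical, and the sample heads are trimmed copies of the three curl outputs shown in the question.

```python
# Added example (not from the original posts): classify `curl -I` output by
# how Varnish handled it. Samples are trimmed copies of the captures above.

HTTP_APEX = """HTTP/1.1 404 Not Found
Server: nginx/1.11.10
X-Varnish: 72 65
Age: 340
Via: 1.1 varnish-v4
"""

HTTPS_WWW_BEFORE_PROXY = """HTTP/1.1 200 OK
Server: nginx/1.11.10
Strict-Transport-Security: max-age=15768000
"""

HTTPS_WWW_AFTER_PROXY = """HTTP/1.1 404 Not Found
Server: nginx/1.11.10
X-Varnish: 32849 32847
Age: 63
Via: 1.1 varnish-v4
"""

def parse_head(raw):
    """Return (status_code, headers) with header names lower-cased."""
    lines = [ln.strip() for ln in raw.strip().splitlines() if ln.strip()]
    status = int(lines[0].split()[1])
    headers = {}
    for ln in lines[1:]:
        name, _, value = ln.partition(":")
        headers[name.strip().lower()] = value.strip()
    return status, headers

def classify(raw):
    """Return (status, path, cached_error) for one response head."""
    status, h = parse_head(raw)
    if "x-varnish" not in h:
        path = "bypassed-varnish"      # nginx answered directly
    elif len(h["x-varnish"].split()) == 2:
        path = "varnish-hit"           # Varnish 4: two IDs means served from cache
    else:
        path = "varnish-miss"          # one ID: fetched from the backend
    # A cached error keeps being served until its TTL expires or it is banned.
    return status, path, path == "varnish-hit" and status >= 400

if __name__ == "__main__":
    for name in ("HTTP_APEX", "HTTPS_WWW_BEFORE_PROXY", "HTTPS_WWW_AFTER_PROXY"):
        print(name, classify(globals()[name]))
```
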