Linux

使用 Varnish:80 和 Nginx:8080 網站是 404 not found

  • March 23, 2020

我遵循了多個指南如何設置 Varnish(例如https://www.globo.tech/learning-center/set-up-varnish-ubuntu-16/),所有這些都告訴將 Varnish 設置為埠 80,將 Nginx 設置為 8080 .

所以這就是我們看到的netstat -nlpt

tcp        0      0 0.0.0.0:8080            0.0.0.0:*               LISTEN      12465/nginx.conf
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      12059/varnishd
tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      12465/nginx.conf
tcp        0      0 127.0.0.1:6082          0.0.0.0:*               LISTEN      12059/varnishd
tcp6       0      0 :::80                   :::*                    LISTEN      12059/varnishd
tcp6       0      0 ::1:6082                :::*                    LISTEN      12059/varnishd

這是我網站 100% 完整的 nginx .config:

server {
 listen 127.0.0.1:8080;
 server_name example.com www.example.com;
 #return 301 https://www.example.com$request_uri; <--- had to remove this redirect because of the addition to default.vcl, with both enabled it gives infinite redirect loop.
}
server {
 listen 443;
 server_name example.com;
 return 301 https://www.example.com$request_uri;
}

server {
 listen 443 ssl http2;

 ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_prefer_server_ciphers on;
 ssl_ciphers 'EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5';
 ssl_dhparam /etc/nginx/ssl/dhparams.pem;
 ssl_session_timeout 1d;
 ssl_session_cache shared:SSL:50m;
 ssl_stapling on;
 ssl_stapling_verify on;
 add_header Strict-Transport-Security max-age=15768000;


 root /var/www/example.com/htdocs;

 server_name example.com www.example.com;

 location / {
   #autoindex on;
   #try_files $uri $uri/ =404;

   proxy_pass http://127.0.0.1:80;
   proxy_read_timeout    90;
   proxy_connect_timeout 90;
   proxy_redirect        off;

   proxy_set_header X-Real-IP  $remote_addr;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   proxy_set_header X-Forwarded-Proto https;
   proxy_set_header X-Forwarded-Port 443;
   proxy_set_header Host $host;

 }

 location ~* /img/.*\.gif$ {
   expires 30d;
   add_header Pragma public;
   add_header Cache-Control "public";
 }
}

如果我去example.com,不只是重定向到 https 和 www 被破壞,我只是得到 404 not found。我在 .conf 中所做的只是將頂行的 80 更改為 8080。

Varnish實際上也在記憶體404curl --head -I example.com

HTTP/1.1 404 Not Found
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 11:01:56 GMT
Content-Type: text/html
Content-Length: 170
X-Varnish: 72 65
Age: 340
Via: 1.1 varnish-v4
Cache-Tags: HIT
Connection: keep-alive

並且要載入一個網站,我必須輸入www.example.com 它重定向到https://www.example.com,站點載入,但 Varnish 沒有記憶體它curl --head -I https://www.example.com

HTTP/1.1 200 OK
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 11:09:08 GMT
Content-Type: text/html
Content-Length: 478
Last-Modified: Fri, 17 Feb 2017 17:30:11 GMT
Connection: keep-alive
Vary: Accept-Encoding
ETag: "58a73323-1de"
Strict-Transport-Security: max-age=15768000
Accept-Ranges: bytes

varnishd還給_Error: Cannot open socket: :80: Address already in use

varnishstat看起來挺好的:

MAIN.uptime                                                                                                                       0+00:30:07
MAIN.sess_conn                                                                                                                            44          0.00           .            0.00          0.00          0.00
MAIN.client_req                                                                                                                           74          0.00           .            0.00          0.00          0.00
MAIN.cache_hit                                                                                                                            70          0.00           .            0.00          0.00          0.00
MAIN.cache_miss                                                                                                                            4          0.00           .            0.00          0.00          0.00
MAIN.backend_reuse                                                                                                                         3          0.00           .            0.00          0.00          0.00
MAIN.backend_recycle                                                                                                                       6          0.00           .            0.00          0.00          0.00
MAIN.fetch_length                                                                                                                          6          0.00           .            0.00          0.00          0.00
MAIN.pools                                                                                                                                 2          0.00           .            2.00          2.00          2.00
MAIN.threads                                                                                                                             200          0.00           .          200.00        200.00        200.00
MAIN.threads_created                                                                                                                     200          0.00           .            0.00          0.00          0.00
MAIN.n_object                                                                                                                              4          0.00           .            4.00          4.00          4.00
MAIN.n_objectcore                                                                                                                          5          0.00           .            5.00          5.00          5.00
MAIN.n_objecthead                                                                                                                          6          0.00           .            6.00          6.00          6.00
MAIN.n_backend                                                                                                                             1          0.00           .            1.00          1.00          1.00
MAIN.s_sess                                                                                                                               44          0.00           .            0.00          0.00          0.00
MAIN.s_req                                                                                                                                74          0.00           .            0.00          0.00          0.00
MAIN.s_fetch                                                                                                                               4          0.00           .            0.00          0.00          0.00
MAIN.s_req_hdrbytes                                                                                                                    24.54K         0.00         13.00          0.00          0.00          0.00
MAIN.s_resp_hdrbytes                                                                                                                   15.99K         0.00          9.00          0.00          0.00          0.00
MAIN.s_resp_bodybytes                                                                                                                  11.46K         0.00          6.00          0.00          0.00          0.00
MAIN.backend_req                                                                                                                           6          0.00           .            0.00          0.00          0.00
MAIN.n_vcl                                                                                                                                 1          0.00           .            0.00          0.00          0.00
MAIN.bans                                                                                                                                  1          0.00           .            1.00          1.00          1.00
MAIN.vmods                                                                                                                                 2          0.00           .            2.00          2.00          2.00
MGT.uptime                                                                                                                        0+00:30:07
SMA.s0.c_req                                                                                                                              12          0.00           .            0.00          0.00          0.00
SMA.s0.c_bytes                                                                                                                          2.68K         0.00          1.00          0.00          0.00          0.00
SMA.s0.c_freed                                                                                                                           908          0.00           .            0.00          0.00          0.00
SMA.s0.g_alloc                                                                                                                             8          0.00           .            8.00          8.00          8.00
SMA.s0.g_bytes                                                                                                                          1.80K         0.00           .            1.80K         1.80K         1.80K
SMA.s0.g_space                                                                                                                        256.00M         0.00           .          256.00M       256.00M       256.00M
VBE.boot.default.bereq_hdrbytes                                                                                                         1.61K         0.00           .            0.00          0.00          0.00
VBE.boot.default.beresp_hdrbytes                                                                                                         936          0.00           .            0.00          0.00          0.00
VBE.boot.default.beresp_bodybytes                                                                                                       1020          0.00           .            0.00          0.00          0.00
VBE.boot.default.conn                                                                                                                      6          0.00           .            6.00          6.00          6.00
VBE.boot.default.req                                                                                                                       6          0.00           .            0.00          0.00          0.00

更新:

跟隨https://www.smashingmagazine.com/2015/09/https-everywhere-with-nginx-varnish-apache/並將這些添加到配置中:

proxy_pass http://127.0.0.1:80;
proxy_read_timeout    90;
proxy_connect_timeout 90;
proxy_redirect        off;

proxy_set_header X-Real-IP  $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header X-Forwarded-Port 443;
proxy_set_header Host $host;

這些到 .vcl

# handles redirecting from http to https
sub vcl_synth {
 if (resp.status == 750) {
   set resp.status = 301;
   set resp.http.Location = req.http.x-redir;
   return(deliver);
 }
}

if ( (req.http.host ~ "^(?i)smashing_ssl_one.tutorials.eoms") && req.http.X-Forwarded-Proto !~ "(?i)https") {
 set req.http.x-redir = "https://" + req.http.host + req.url;
 return (synth(750, ""));
}

仍然是 404,但至少清漆https://現在正在記憶體。

curl -I https://www.example.com/
HTTP/1.1 404 Not Found
Server: nginx/1.11.10
Date: Tue, 21 Feb 2017 12:58:47 GMT
Content-Type: text/html
Content-Length: 170
Connection: keep-alive
X-Varnish: 32849 32847
Age: 63
Via: 1.1 varnish-v4
X-Cache: HIT

雖然https://www.example.com/找不到 404,但例如https://www.example.com/img/pic.png找到並載入項目,但未上漆。

使用以下 nginx 配置進行 443 代理

server {
       listen 443 ssl;

       server_name www.example.com example.com;

      ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
      ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
      ssl_protocols       TLSv1 TLSv1.1 TLSv1.2;
      ssl_ciphers         HIGH:!aNULL:!MD5;

       location / {
           proxy_pass http://127.0.0.1:80;
           proxy_set_header X-Real-IP  $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header X-Forwarded-Proto https;
           proxy_set_header X-Forwarded-Port 443;
           proxy_set_header Host $host;
           proxy_connect_timeout       86400;
           proxy_send_timeout          86400;
           proxy_read_timeout          86400;
           send_timeout                86400;
           client_max_body_size 50m;
       client_body_buffer_size 16k;
}
       location /.git {
           deny all;
           return 404;
       }
}

引用自:https://serverfault.com/questions/833897