Ubuntu
Nginx, SSL and Varnish returning ERR_TOO_MANY_REDIRECTS
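I am trying to set up an Nginx server with Let's Encrypt SSL and Varnish for caching, but I've hit a roadblock. For some reason the site keeps returning ERR_TOO_MANY_REDIRECTS and I can't work out why. I am running Ubuntu 16.04.

Additional info: not sure whether it makes a difference, but I am trying to set this up for a subdomain, dev.example.com.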
Server configuration

    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name dev.domain.co.uk;
        set $base /var/www/dev.domain.co.uk;
        root $base;

        # SSL
        ssl_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/dev.domain.co.uk/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;

        # index.php
        index index.php;

        # reverse proxy
        location / {
            proxy_pass http://127.0.0.1:80;
            include nginxconfig.io/proxy.conf;
        }

        # handle .php
        location ~ \.php$ {
            include nginxconfig.io/php_fastcgi.conf;
        }

        include nginxconfig.io/general.conf;
        include nginxconfig.io/wordpress.conf;
    }

    # subdomains redirect
    server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name *.dev.domain.co.uk;

        # SSL
        ssl_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/dev.domain.co.uk/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;

        return 301 https://dev.domain.co.uk$request_uri;
    }

    # HTTP redirect
    server {
        listen 8080;
        listen [::]:8080;

        server_name .dev.domain.co.uk;

        include nginxconfig.io/letsencrypt.conf;

        location / {
            return 301 https://dev.domain.co.uk$request_uri;
        }
    }

/etc/nginx/nginxconfig.io/proxy.conf file

    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Host $host;
    proxy_set_header X-Forwarded-Port $server_port;
    proxy_cache_bypass $http_upgrade;

/etc/varnish/default.vcl file

    #
    # It does not do anything by default, delegating control to the
    # builtin VCL. The builtin VCL is called when there is no explicit
    # return statement.
    #
    # See the VCL chapters in the Users Guide at https://www.varnish-cache.org/docs/
    # and https://www.varnish-cache.org/trac/wiki/VCLExamples for more examples.

    # Marker to tell the VCL compiler that this VCL has been adapted to the
    # new 4.0 format.
    vcl 4.0;

    # Default backend definition. Set this to point to your content server.
    backend default {
        .host = "127.0.0.1";
        .port = "8080";
    }

    sub vcl_recv {
        # Happens before we check if we have this in cache already.
        #
        # Typically you clean up the request here, removing cookies you don't need,
        # rewriting the request, etc.
    }

    sub vcl_backend_response {
        # Happens after we have read the response headers from the backend.
        #
        # Here you clean the response headers, removing silly Set-Cookie headers
        # and other mistakes your backend does.
        set beresp.ttl = 10s;
        set beresp.grace = 1h;
    }

    sub vcl_deliver {
        # Happens when we have all the pieces we need, and are about to send the
        # response to the client.
        #
        # You can do accounting or modifying the final object here.
    }

/lib/systemd/system/varnish.service file

    [Unit]
    Description=Varnish HTTP accelerator
    Documentation=https://www.varnish-cache.org/docs/4.1/ man:varnishd

    [Service]
    Type=simple
    LimitNOFILE=131072
    LimitMEMLOCK=82000
    ExecStart=/usr/sbin/varnishd -j unix,user=vcache -F -a :80 -T localhost:6082 -f /etc/varnish/default.vcl -S /etc/varnish/secret -s malloc,256m
    ExecReload=/usr/share/varnish/reload-vcl
    ProtectSystem=full
    ProtectHome=true
    PrivateTmp=true
    PrivateDevices=true

    [Install]
    WantedBy=multi-user.target

/etc/default/varnish file

    # Configuration file for varnish
    #
    # /etc/init.d/varnish expects the variables $DAEMON_OPTS, $NFILES and $MEMLOCK
    # to be set from this shell script fragment.
    #
    # Note: If systemd is installed, this file is obsolete and ignored. Please see
    # /usr/share/doc/varnish/examples/varnish.systemd-drop-in.conf

    # Should we start varnishd at boot? Set to "no" to disable.
    START=yes

    # Maximum number of open files (for ulimit -n)
    NFILES=131072

    # Maximum locked memory size (for ulimit -l)
    # Used for locking the shared memory log in memory. If you increase log size,
    # you need to increase this number as well
    MEMLOCK=82000

    # Default varnish instance name is the local nodename. Can be overridden with
    # the -n switch, to have more instances on a single server.
    # You may need to uncomment this variable for alternatives 1 and 3 below.
    # INSTANCE=$(uname -n)

    # This file contains 4 alternatives, please use only one.

    ## Alternative 1, Minimal configuration, no VCL
    #
    # Listen on port 6081, administration on localhost:6082, and forward to
    # content server on localhost:8080. Use a 1GB fixed-size cache file.
    #
    # This example uses the INSTANCE variable above, which you need to uncomment.
    #
    # DAEMON_OPTS="-a :6081 \
    #              -T localhost:6082 \
    #              -b localhost:8080 \
    #              -u varnish -g varnish \
    #              -S /etc/varnish/secret \
    #              -s file,/var/lib/varnish/$INSTANCE/varnish_storage.bin,1G"

    ## Alternative 2, Configuration with VCL
    #
    # Listen on port 6081, administration on localhost:6082, and forward to
    # one content server selected by the vcl file, based on the request.
    #
    DAEMON_OPTS="-a :80 \
                 -T localhost:6082 \
                 -f /etc/varnish/default.vcl \
                 -S /etc/varnish/secret \
                 -s malloc,256m"

    ## Alternative 3, Advanced configuration
    #
    # This example uses the INSTANCE variable above, which you need to uncomment.
    #
    # See varnishd(1) for more information.
    #
    # # Main configuration file. You probably want to change it :)
    # VARNISH_VCL_CONF=/etc/varnish/default.vcl
    #
    # # Default address and port to bind to
    # # Blank address means all IPv4 and IPv6 interfaces, otherwise specify
    # # a host name, an IPv4 dotted quad, or an IPv6 address in brackets.
    # VARNISH_LISTEN_ADDRESS=
    # VARNISH_LISTEN_PORT=6081
    #
    # # Telnet admin interface listen address and port
    # VARNISH_ADMIN_LISTEN_ADDRESS=127.0.0.1
    # VARNISH_ADMIN_LISTEN_PORT=6082
    #
    # # Cache file location
    # VARNISH_STORAGE_FILE=/var/lib/varnish/$INSTANCE/varnish_storage.bin
    #
    # # Cache file size: in bytes, optionally using k / M / G / T suffix,
    # # or in percentage of available disk space using the % suffix.
    # VARNISH_STORAGE_SIZE=1G
    #
    # # File containing administration secret
    # VARNISH_SECRET_FILE=/etc/varnish/secret
    #
    # # Backend storage specification
    # VARNISH_STORAGE="file,${VARNISH_STORAGE_FILE},${VARNISH_STORAGE_SIZE}"
    #
    # # Default TTL used when the backend does not specify one
    # VARNISH_TTL=120
    #
    # # DAEMON_OPTS is used by the init script. If you add or remove options, make
    # # sure you update this section, too.
    # DAEMON_OPTS="-a ${VARNISH_LISTEN_ADDRESS}:${VARNISH_LISTEN_PORT} \
    #              -f ${VARNISH_VCL_CONF} \
    #              -T ${VARNISH_ADMIN_LISTEN_ADDRESS}:${VARNISH_ADMIN_LISTEN_PORT} \
    #              -t ${VARNISH_TTL} \
    #              -S ${VARNISH_SECRET_FILE} \
    #              -s ${VARNISH_STORAGE}"
    #
    ## Alternative 4, Do It Yourself
    #
    # DAEMON_OPTS=""

If I need to provide any other files I would be more than happy to, as I have been stuck on this error for about 2 hours with no luck searching anywhere.
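Your varnish configuration sends all requests to an nginx server that is configured to issue a redirect for every request, and you then point all HTTPS requests at that varnish server. Unsurprisingly, this results in every request being redirected.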
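
One layout that breaks the loop described in the answer above, as an added example that is not part of the original question or answer. It assumes varnishd is restarted with `-a 127.0.0.1:6081` instead of `-a :80` so that nginx can own public port 80, reuses the paths and include files from the question, and leaves the `*.dev.domain.co.uk` redirect block as posted.

```nginx
# Added example, not the poster's configuration.
# Assumption: varnishd listens on 127.0.0.1:6081 (ExecStart: -a 127.0.0.1:6081).

# 1. Public HTTP: nginx answers directly and redirects; Varnish never sees it.
server {
    listen 80;
    listen [::]:80;
    server_name .dev.domain.co.uk;

    include nginxconfig.io/letsencrypt.conf;

    location / {
        return 301 https://dev.domain.co.uk$request_uri;
    }
}

# 2. Public HTTPS: terminate TLS, then hand the request to Varnish on loopback.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name dev.domain.co.uk;

    ssl_certificate         /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;
    ssl_certificate_key     /etc/letsencrypt/live/dev.domain.co.uk/privkey.pem;
    ssl_trusted_certificate /etc/letsencrypt/live/dev.domain.co.uk/fullchain.pem;

    location / {
        proxy_pass http://127.0.0.1:6081;
        include nginxconfig.io/proxy.conf;
    }
}

# 3. Origin for Varnish (backend default, 127.0.0.1:8080 in default.vcl):
#    serves the site, never redirects, and is reachable only from loopback.
server {
    listen 127.0.0.1:8080;
    server_name dev.domain.co.uk;
    set $base /var/www/dev.domain.co.uk;
    root $base;
    index index.php;

    location ~ \.php$ {
        include nginxconfig.io/php_fastcgi.conf;
    }

    include nginxconfig.io/general.conf;
    include nginxconfig.io/wordpress.conf;
}
```

Because the origin on 8080 no longer emits redirects, Varnish cannot cache a 301 and replay it to HTTPS clients, and binding both Varnish and the origin to loopback keeps clients from reaching them directly with a forged `X-Forwarded-Proto` header. WordPress only ever sees plain HTTP on 8080, so if it then issues its own redirect it needs to be told the original scheme was HTTPS (it reads `$_SERVER['HTTPS']`).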