I have created a private bucket on AWS and I want to reverse-proxy it with nginx. I use the same server for all the different proxies. This is the nginx configuration file:
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log warn;
pid /var/run/nginx.pid;
events {
    worker_connections 1024;
}
http {
    server_names_hash_bucket_size 64;
    server {
        listen 80;
        server_name ec2-...-...-....eu-central-1.compute.amazonaws.com;
        rewrite ^(.*) https://$host$1 permanent;
    }
    server {
        listen 443;
        server_name ec2-...-...-....eu-central-1.compute.amazonaws.com;
        ssl_certificate /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;
        ssl on;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers HIGH:!aNULL:!eNULL:!EXPORT:!CAMELLIA:!DES:!MD5:!PSK:!RC4;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/ssl_access.log;
        location ^~ / {
            #proxy_set_header x-real-IP $remote_addr;
            #proxy_set_header x-forwarded-for $proxy_add_x_forwarded_for;
            #proxy_set_header host $host;
            #proxy_pass https://url.com;
            #proxy_set_header Host $host;
            #proxy_set_header X-Real-IP $remote_addr;
            #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            #proxy_set_header X-Forwarded-Proto $scheme;
            # Fix the "It appears that your reverse proxy set up is broken" error.
            proxy_pass https://url.com;
            proxy_read_timeout 30;
            proxy_ssl_session_reuse off;
            proxy_ssl_verify off;
        }
        location /one/service {
            # proxy_set_header X-Real-IP $remote_addr;
            # proxy_set_header Host $host;
            # proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://beanstalk-4.212314.eu-central-1.elasticbeanstalk.com/;
            proxy_read_timeout 30;
            proxy_ssl_session_reuse off;
            proxy_ssl_verify off;
        }
        location /privateproxy {
            set $s3_bucket 'bucketname.s3.eu-central-1.amazonaws.com';
            set $aws_access_key 'AWSAccessKeyId=mykey';
            set $url_expires 'Expires=$arg_e';
            set $url_signature 'Signature=$arg_st';
            set $url_full '$1?$aws_access_key&$url_expires&$url_signature';
            proxy_http_version 1.1;
            proxy_set_header Host $s3_bucket;
            proxy_set_header Authorization '';
            proxy_hide_header x-amz-id-2;
            proxy_hide_header x-amz-request-id;
            proxy_hide_header Set-Cookie;
            proxy_ignore_headers "Set-Cookie";
            proxy_buffering off;
            proxy_intercept_errors on;
            resolver 172.16.0.23 valid=300s;
            resolver_timeout 10s;
            proxy_pass http://$s3_bucket/$url_full;
        }
    }
}
But I get a 502 Bad Gateway. Am I doing something wrong in the configuration?
Log file: 2016/03/21 09:13:42 [error] 16695#0: *8 bucket.s3.eu-central-1.amazonaws.com could not be resolved (110: Operation timed out)
3 answers
bgtovc5b1#
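If the bucket name is correct, then the problem is the resolver. The IP address described, 172.16.0.23, only works as the DNS server for non-VPC EC2. If you use a VPC, the resolver should be equal to the one you would expect from the following:
For example, a 10.0.1.0/16 VPC subnet might have 10.0.1.2 assigned as its internal resolver. If you don't know which one you are using (VPC/non-VPC), then OpenDNS should help:
Also make sure a sensible S3 bucket name is specified: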
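A check for the resolver mismatch this first answer describes, as an added example that is not part of the original answers: it compares the `resolver` addresses in an nginx config with the nameservers the instance actually uses. The sample config, `resolv.conf` text, VPC CIDR and all function names are constructed for illustration; the VPC range base plus two and 169.254.169.253 are the Amazon-provided DNS addresses inside a VPC.

```python
import ipaddress
import re

# Constructed sample inputs (not from a real host).
NGINX_CONF = """
location /privateproxy {
    # resolver 8.8.8.8;
    resolver 172.16.0.23 valid=300s;
    resolver_timeout 10s;
}
"""
RESOLV_CONF = "search eu-central-1.compute.internal\nnameserver 10.0.0.2\n"
VPC_CIDR = "10.0.0.0/16"  # assumed VPC range

# Amazon-provided DNS is also reachable inside a VPC at this link-local address.
LINK_LOCAL_DNS = ipaddress.ip_address("169.254.169.253")

def _ips(tokens):
    """Yield tokens that parse as IP addresses, dropping a :port on IPv4 entries."""
    for tok in tokens:
        host = tok.rsplit(":", 1)[0] if tok.count(":") == 1 else tok.strip("[]")
        try:
            yield ipaddress.ip_address(host)
        except ValueError:
            continue  # a parameter such as valid=300s, or a hostname

def nginx_resolvers(conf):
    """IP addresses from every active `resolver` directive (comments ignored)."""
    found = []
    for line in conf.splitlines():
        m = re.match(r"\s*resolver\s+([^;#]+);", line)  # not resolver_timeout
        if m:
            found.extend(_ips(m.group(1).split()))
    return found

def system_nameservers(resolv):
    """Nameserver addresses from resolv.conf text."""
    lines = (l.split() for l in resolv.splitlines())
    return list(_ips(p[1] for p in lines if len(p) >= 2 and p[0] == "nameserver"))

def vpc_dns(cidr):
    """Amazon DNS inside a VPC: base of the VPC network range plus two."""
    return ipaddress.ip_network(cidr).network_address + 2

def unexpected_resolvers(conf, resolv, cidr):
    """nginx resolvers that are neither the instance's nameservers nor VPC DNS."""
    expected = set(system_nameservers(resolv)) | {vpc_dns(cidr), LINK_LOCAL_DNS}
    return [str(ip) for ip in nginx_resolvers(conf) if ip not in expected]

if __name__ == "__main__":
    for ip in unexpected_resolvers(NGINX_CONF, RESOLV_CONF, VPC_CIDR):
        print(f"resolver {ip} is not a nameserver this instance uses")
```

A public resolver configured on purpose is also reported, since it is not one of the instance's own nameservers.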
y4ekin9u2#
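If the EC2 server running nginx is in the same VPC as your private S3 bucket, you can set up an S3 VPC endpoint and update your bucket policy to use that endpoint (details here), then just add this to your nginx.conf: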
0wi1tuuw3#
Consider referring to this project from NGINX. It contains all the configuration needed to proxy a private S3 bucket.