How can I have Nginx return 444 if the request doesn't match a path?

4si2a6ki  posted on 2023-03-29  in  Nginx

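Short version:

I want to use NGINX as a reverse proxy so that clients accessing a public-facing URL get API data from an internal Gunicorn server sitting behind the proxy: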

external path (proxy) => internal app
<static IP>/ABC/data  => 127.0.0.1:8001/data

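I'm not getting the location mapping right.

Long version

I'm setting up NGINX for the first time and trying to use it as a reverse proxy for a REST API served by Gunicorn. The API is served at 127.0.0.1:8001, and I can access it from the server and get the appropriate responses, so I believe that part is working correctly. It is running persistently using Supervisord.
I want to access one of the API endpoints externally at <static IP>/ABC/data. On the Gunicorn server, this endpoint is at localhost:8001/data. Eventually I'd like to serve other web apps through NGINX with roots like <static IP>/foo, <static IP>/bar, etc. Each of these web apps would come from a separate Python app. But currently, when I try to access the endpoint externally, I get a 444 error code, so I think I'm not configuring NGINX correctly.
I made my first attempt at the NGINX config based on the config posted on the Gunicorn site. Instead of a single config, I split it into a global config and a site-specific one. My global config at etc/nginx/nginx.conf looks like this: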

user ops;
worker_processes 1;
pid /run/nginx.pid;
error_log /tmp/nginx.error.log;

events {
  worker_connections 1024; # increase if you have lots of clients
  accept_mutex off; # set to 'on' if nginx worker_processes > 1
  use epoll;
  # 'use epoll;' to enable for Linux 2.6+
  # 'use kqueue;' to enable for FreeBSD, OSX
}

http {
  include mime.types;
  # fallback in case we can't determine a type
  default_type application/octet-stream;
  access_log /tmp/nginx.access.log combined;
  sendfile on;

  server_tokens off;

  server {
    # if no Host match, close the connection to prevent host spoofing
    listen 80 default_server;
    return 444;
  }

  gzip on;
  gzip_disable "msie6";

  include /etc/nginx/conf.d/*.conf;
  include /etc/nginx/sites-enabled/*;
}

Then my site-specific config, located in /etc/nginx/sites-available (and symlinked in /etc/nginx/sites-enabled), is:

upstream app_server {
  # fail_timeout=0 means we always retry an upstream even if it failed
  # to return a good HTTP response

  # for UNIX domain socket setups
  # server unix:/tmp/gunicorn_abc_api.sock fail_timeout=0;

  # for a TCP configuration
  server 127.0.0.1:8001 fail_timeout=0;
}

server {
  # use 'listen 80 deferred;' for Linux
  # use 'listen 80 accept_filter=httpready;' for FreeBSD
  listen 80 deferred;
  client_max_body_size 4G;

  # set the correct host(s) for your site
  server_name _;

  keepalive_timeout 100;

  # path for static files
  #root /path/to/app/current/public;

  location /ABC {
    # checks for static file, if not found proxy to app
    try_files $uri @proxy_to_app;
  }

  location @proxy_to_app {
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    # enable this if and only if you use HTTPS
    # proxy_set_header X-Forwarded-Proto https;
    proxy_set_header Host $http_host;
    # we don't want nginx trying to do something clever with
    # redirects, we set the Host: header above already.
    proxy_redirect off;
    proxy_pass http://app_server;
  }

  # error_page 500 502 503 504 /500.html;
  # location = /500.html {
  #   root /path/to/app/current/public;
  # }
}

The config passes service nginx checkconfig, but I end up seeing the following in the access log:

XXX.XXX.X.XXX - - [09/Sep/2016:01:03:18 +0000] "GET /ABC/data HTTP/1.1" 444 0 "-" "python-requests/2.10.0"

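I think I've somehow not configured the routes correctly. Any suggestions would be greatly appreciated.

Update

I made a few changes and now it works. I commented out the following block: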

server {
    # if no Host match, close the connection to prevent host spoofing
    listen 80 default_server;
    return 444;
}

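I'm not sure how to get the behavior of returning a 444 unless there is a valid route. I'd like to, but I'm still stuck on this part. This block seems to eat all incoming requests. I also changed the app config to: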

upstream app_server {
    server 127.0.0.1:8001 fail_timeout=0;
}

server {
    # use 'listen 80 deferred;' for Linux
    # use 'listen 80 accept_filter=httpready;' for FreeBSD
    listen 80 deferred;
    client_max_body_size 100M;

    # set the correct host(s) for your site
    server_name $hostname;

    keepalive_timeout 100;

    location /ABC {
        # checks for static file, if not found proxy to app
        try_files $uri @proxy_to_app;
    }

    location @proxy_to_app {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        # enable this if and only if you use HTTPS
        # proxy_set_header X-Forwarded-Proto https;
        proxy_set_header Host $http_host;
        # we don't want nginx trying to do something clever with
        # redirects, we set the Host: header above already.
        proxy_redirect off;
        rewrite ^/ABC/(.*) /$1 break;
        proxy_pass http://app_server;
    }

}

Basically, it seems I had to explicitly set the server_name and use rewrite to get the correct mapping to the app server.

yh2wf1be #1

This works fine for me, returning 444 (hang up the connection) only when no other server name matches:

server {
    listen       80;
    server_name  "";
    return 444;
}

ivqmmu1c #2

Add this line inside the server block * replace facebook with your domain name

if ( $http_host !~* ^(facebook\.com|www\.facebook\.com)$ ) {
    return 444;
}
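
A configuration that keeps the 444 catch-all and still serves /ABC/, added here as an example and not taken from the question or either answer. It assumes 203.0.113.10 as a placeholder for <static IP>, and it uses proxy_pass with a trailing-slash URI in place of the question's try_files plus rewrite.

```nginx
# Added example; place these blocks inside http { ... }.
# 203.0.113.10 is a placeholder (documentation address range) for <static IP>.

# Catch-all: any request whose Host header matches no server_name below
# (or that carries no Host at all) is handled here.
server {
    listen 80 default_server;
    server_name "";
    return 444;   # nginx closes the connection without sending a response
}

upstream app_server {
    server 127.0.0.1:8001 fail_timeout=0;
}

server {
    listen 80;

    # This must be a name that clients really send in the Host header.
    # "_" is not a wildcard: it is only a name that never matches, so a
    # request with "Host: <static IP>" falls through to the default_server.
    server_name 203.0.113.10;

    client_max_body_size 100M;
    keepalive_timeout 100;

    # Only /ABC/... is proxied. Because proxy_pass carries a URI ("/"),
    # the matched /ABC/ prefix is replaced by it, so /ABC/data reaches
    # Gunicorn as /data without a rewrite rule.
    location /ABC/ {
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_redirect off;
        proxy_pass http://app_server/;
    }

    # Valid Host but a path that is not published: drop it the same way.
    location / {
        return 444;
    }
}
```

In the access log, requests with an unknown Host or an unpublished path show status 444 with 0 bytes sent, while /ABC/data shows the upstream's status.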
