这是一个创建于 910 天前的主题,其中的信息可能已经有所发展或是发生改变。
背景:
- 已签名 let's encrypt 证书
- 已启动 vaultwarden/server docker 容器
需求:
- 当访问 my_domain.com 或者 www.my_domain.com 时,响应对应的 index.html
- 当访问 bitwarden.my_domain.com 时,展示对应的自建 bitwarden 服务
遇到的问题: 需求 1 - 正常,需求 2 - 页面报错,状态码 502
代码:
# etc/nginx/sites-available/my_domain.com
server {
root /var/www/my_domain.com/html;
index index.html index.htm index.nginx-debian.html;
server_name my_domain.com www.my_domain.com;
location / {
try_files $uri $uri/ =404;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my_domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my_domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.my_domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = my_domain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80;
server_name my_domain.com www.my_domain.com;
return 404; # managed by Certbot
}
server {
listen 443 ssl http2;
server_name bitwarden.my_domain.com;
# Specify SSL config if using a shared one.
#include conf.d/ssl/ssl.conf;
include /etc/letsencrypt/options-ssl-nginx.conf;
# Allow large attachments
client_max_body_size 128M;
location / {
proxy_pass http://127.0.0.1:8087;
proxy_http_version 1.1;
proxy_cache_bypass $http_upgrade;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Port $server_port;
}
location /notifications/hub {
proxy_pass http://127.0.0.1:3012;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /notifications/hub/negotiate {
proxy_pass http://127.0.0.1:8087;
}
location /admin {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://127.0.0.1:8087;
}
}
6 条回复 • 2022-05-07 18:26:11 +08:00
 |
1
codefever 2022-05-07 15:23:36 +08:00
使用 Nginx 的 proxy_pass ,可以拦截后端创建的错误和 HTTP 标头
|
 |
2
seers 2022-05-07 15:44:41 +08:00 via Android
直接访问 https://bitwarden 能放问吗,似乎是 80 没做跳转给这个子域名
|
 |
4
cccer 2022-05-07 15:59:26 +08:00
proxy_set_header Upgrade 和 proxy_set_header Connection 是代理 ws 才需要配置的,普通 http 请求不需要。三个路径直面只有 /notifications/hub 是 ws 服务。
我的配置 ``` location / { proxy_pass http://vaultwarden-default; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } location /notifications/hub { proxy_pass http://vaultwarden-ws; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection $http_connection; proxy_set_header X-Real-IP $remote_addr; } location /notifications/hub/negotiate { proxy_pass http://vaultwarden-default; proxy_set_header Host $host; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } ``` |
 |
5
wrebjmns OP @cccer 我是根据 https://www.colinliu.cn/posts/26 这个来配置的。他这里开启了 WS
|
 |
6
amrnxcdt 2022-05-07 18:26:11 +08:00
|
Select Language