Я использую Redis для использования с Rails и Action Cable. Все они находятся за обратным прокси-сервером Nginx. В настоящее время, когда Redis подключается, я получаю
# Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
Возможно ли, что это вызвано настройкой Nginx? Вот конфигурация, если так:
server {
server_name "###";
location / { proxy_pass http://127.0.0.1:3000; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
location /cable { proxy_pass http://127.0.0.1:6379;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/###/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/###/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = ###) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name "###";
return 404; # managed by Certbot
}