如何nginx反向代理\重定向子域到子目錄?

如何nginx反向代理\重定向子域到子目錄?

我有一個子堆疊新聞通訊,其中 CNAME 記錄指向newsletter.identosphere.net

我希望顯示該內容,identosphere.net/newsletter以便用戶可以訪問每個新聞通訊作為我的主網站的一部分:

identosphere.net/newsletter/issue-13/應該顯示內容來自newsletter.identosphere.net/issue-13/

而且,如果可能的話(無論是透過 nginx 或 dns)我想將子域流量重定向到根域上的資料夾

現在我正在使用:

location /newsletter/ {
    proxy_pass        http://newsletter.identosphere.net/;
    access_log /var/log/nginx/reverse-access.log;
    error_log /var/log/nginx/reverse-error.log;
}

此設定會發生什麼:

我輸入https://identosphere.net/newsletter我被重定向到https://newsletter.identosphere.net/


根據要求@ppuschmann,我正在發布我的 nginx 配置的其餘部分。

我沒有提到的是我正在使用郵件箱它是一個自託管電子郵件服務,包括網頁伺服器和 DNS。

主要是透過 GUI 完成客製化。我正在使用一個不支援的功能,該功能允許對您的配置進行一些自訂,但不允許對定期刷新的主配置進行自訂。顯然我無法將伺服器區塊新增到我的「nginx 使用者配置」中,只能新增位置區塊。

此時,我不希望解決這個問題,但如果可能的話我想確定 dns (國家標準發展局)重定向設定阻止了我的反向代理。

這是 NGINX 配置

正如評論中所述,我無法編輯此文件,但我可以透過位於其他地方的配置添加指令。

/etc/nginx/conf.d/local.conf

## NOTE: This file is automatically generated by Mail-in-a-Box.
##       Do not edit this file. It is continually updated by
##       Mail-in-a-Box and your changes will be lost.
##
##       Mail-in-a-Box machines are not meant to be modified.
##       If you modify any system configuration you are on
##       your own --- please do not ask for help from us.

upstream php-fpm {
    server unix:/var/run/php/php7.4-fpm.sock;
}
## identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/ssl_certificate.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/identosphere.net.conf;
    
    # Control Panel
    # Proxy /admin to our Python based control panel daemon. It is
    # listening on IPv4 only so use an IP address and not 'localhost'.
    location /admin/assets {
        alias /usr/local/lib/mailinabox/vendor/assets;
    }
    rewrite ^/admin$ /admin/;
    rewrite ^/admin/munin$ /admin/munin/ redirect;
    location /admin/ {
        proxy_pass http://127.0.0.1:10222/;
        proxy_set_header X-Forwarded-For $remote_addr;
        add_header X-Frame-Options "DENY";
        add_header X-Content-Type-Options nosniff;
        add_header Content-Security-Policy "frame-ancestors 'none';";
    }

    # Roundcube Webmail configuration.
    rewrite ^/mail$ /mail/ redirect;
    rewrite ^/mail/$ /mail/index.php;
    location /mail/ {
        index index.php;
        alias /usr/local/lib/roundcubemail/;
    }
    location ~ /mail/config/.* {
        # A ~-style location is needed to give this precedence over the next block.
        return 403;
    }
    location ~ /mail/.*\.php {
        # note: ~ has precendence over a regular location block
        include fastcgi_params;
        fastcgi_split_path_info ^/mail(/.*)()$;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/roundcubemail/$fastcgi_script_name;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }

    # Nextcloud configuration.
    rewrite ^/cloud$ /cloud/ redirect;
    rewrite ^/cloud/$ /cloud/index.php;
    rewrite ^/cloud/(contacts|calendar|files)$ /cloud/index.php/apps/$1/ redirect;
    rewrite ^(/cloud/core/doc/[^\/]+/)$ $1/index.html;
    rewrite ^(/cloud/oc[sm]-provider)/$ $1/index.php redirect;
    location /cloud/ {
        alias /usr/local/lib/owncloud/;
        location ~ ^/cloud/(build|tests|config|lib|3rdparty|templates|data|README)/ {
            deny all;
        }
        location ~ ^/cloud/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }
        # Enable paths for service and cloud federation discovery
        # Resolves warning in Nextcloud Settings panel
        location ~ ^/cloud/(oc[sm]-provider)?/([^/]+\.php)$ {
            index index.php;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$1/$2;
            fastcgi_pass php-fpm;
        }
    }
    location ~ ^(/cloud)((?:/ocs)?/[^/]+\.php)(/.*)?$ {
        # note: ~ has precendence over a regular location block
        # Accept URLs like:
        # /cloud/index.php/apps/files/
        # /cloud/index.php/apps/files/ajax/scan.php (it's really index.php; see 6fdef379adfdeac86cc2220209bdf4eb9562268d)
        # /cloud/ocs/v1.php/apps/files_sharing/api/v1 (see #240)
        # /cloud/remote.php/webdav/yourfilehere...
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/owncloud/$2;
        fastcgi_param SCRIPT_NAME $1$2;
        fastcgi_param PATH_INFO $3;
        fastcgi_param MOD_X_ACCEL_REDIRECT_ENABLED on;
        fastcgi_param MOD_X_ACCEL_REDIRECT_PREFIX /owncloud-xaccel;
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;
        client_max_body_size 1G;
        fastcgi_buffers 64 4K;
    }
    location ^~ /owncloud-xaccel/ {
        # This directory is for MOD_X_ACCEL_REDIRECT_ENABLED. Nextcloud sends the full file
        # path on disk as a subdirectory under this virtual path.
        # We must only allow 'internal' redirects within nginx so that the filesystem
        # is not exposed to the world.
        internal;
        alias /;
    }
    location ~ ^/((caldav|carddav|webdav).*)$ {
        # Z-Push doesn't like getting a redirect, and a plain rewrite didn't work either.
        # Properly proxying like this seems to work fine.
        proxy_pass https://127.0.0.1/cloud/remote.php/$1;
    }
    rewrite ^/.well-known/host-meta /cloud/public.php?service=host-meta last;
    rewrite ^/.well-known/host-meta.json /cloud/public.php?service=host-meta-json last;
    rewrite ^/.well-known/carddav /cloud/remote.php/carddav/ redirect;
    rewrite ^/.well-known/caldav /cloud/remote.php/caldav/ redirect;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## autoconfig.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name autoconfig.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://autoconfig.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name autoconfig.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/autoconfig.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## autodiscover.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name autodiscover.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://autodiscover.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name autodiscover.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/autodiscover.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## mta-sts.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name mta-sts.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://mta-sts.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name mta-sts.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    root /home/user-data/www/default;

    # ssl files sha1: 4d28ac1a16c0e04772557f6a765cbaa2e4a1d96f / a2eda6be4854a2530dc96a579325f3e95160fc48
    add_header Strict-Transport-Security "max-age=15768000" always;
    include /home/user-data/www/mta-sts.identosphere.net.conf;

    location = /robots.txt {
        log_not_found off;
        access_log off;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /mailinabox.mobileconfig {
        alias /var/lib/mailinabox/mobileconfig.xml;
    }
    location = /.well-known/autoconfig/mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /mail/config-v1.1.xml {
        alias /var/lib/mailinabox/mozilla-autoconfig.xml;
    }
    location = /.well-known/mta-sts.txt {
        alias /var/lib/mailinabox/mta-sts.txt;
    }

    # Z-Push (Microsoft Exchange ActiveSync)
    location /Microsoft-Server-ActiveSync {
        include /etc/nginx/fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/index.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_read_timeout 630;
        fastcgi_pass php-fpm;

        # Outgoing mail also goes through this endpoint, so increase the maximum
        # file upload limit to match the corresponding Postfix limit.
        client_max_body_size 128M;
    }
    location ~* ^/autodiscover/autodiscover.xml$ {
        include fastcgi_params;
        fastcgi_param SCRIPT_FILENAME /usr/local/lib/z-push/autodiscover/autodiscover.php;
        fastcgi_param PHP_VALUE "include_path=.:/usr/share/php:/usr/share/pear:/usr/share/awl/inc";
        fastcgi_pass php-fpm;
    }

    # Disable viewing dotfiles (.htaccess, .svn, .git, etc.)
    # This block is placed at the end. Nginx's precedence rules means this block
    # takes precedence over all non-regex matches and only regex matches that
    # come after it (i.e. none of those, since this is the last one.) That means
    # we're blocking dotfiles in the static hosted sites but not the FastCGI-
    # handled locations for Nextcloud (which serves user-uploaded files that might
    # have this pattern, see #414) or some of the other services.
    location ~ /\.(ht|svn|git|hg|bzr) {
        log_not_found off;
        access_log off;
        deny all;
    }
}
## www.identosphere.net

# Redirect all HTTP to HTTPS *except* the ACME challenges (Let's Encrypt TLS certificate
# domain validation challenges) path, which must be served over HTTP per the ACME spec
# (due to some Apache vulnerability).
server {
    listen 80;
    listen [::]:80;

    server_name www.identosphere.net;
    root /tmp/invalid-path-nothing-here;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    location / {
        # Redirect using the 'return' directive and the built-in
        # variable '$request_uri' to avoid any capturing, matching
        # or evaluation of regular expressions.
        return 301 https://www.identosphere.net$request_uri;
    }

    location /.well-known/acme-challenge/ {
        # This path must be served over HTTP for ACME domain validation.
        # We map this to a special path where our TLS cert provisioning
        # tool knows to store challenge response files.
        alias /home/user-data/ssl/lets_encrypt/webroot/.well-known/acme-challenge/;
    }
}

# The secure HTTPS server.
server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name www.identosphere.net;

    # Improve privacy: Hide version an OS information on
    # error pages and in the "Server" HTTP-Header.
    server_tokens off;

    ssl_certificate /home/user-data/ssl/identosphere.net-20210401-90d5ae2d.pem;
    ssl_certificate_key /home/user-data/ssl/ssl_private_key.pem;

    rewrite ^(.*) https://identosphere.net$1 permanent;
}

答案1

您至少需要設定:

proxy_set_header Host newsletter.identosphere.net;

這會將正確的Host標頭髮送到上游伺服器,上游伺服器可能配置為Host在請求中存在不正確的標頭時發送重定向。

答案2

您可以在 Nginx 設定中使用伺服器區塊,然後使用反向代理。它甚至允許連接埠重定向,這真是太棒了。

以下是關於即時網站的摘錄,來自我的個人資料/etc/nginx/sites-available/default

server {
    server_name   wows-karma.com www.wows-karma.com;
    location / {
        proxy_pass         http://localhost:5021;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

server {
    server_name   api.wows-karma.com;
    location / {
        proxy_pass         http://localhost:5020/api/;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }

這個範例(順便說一下,這是一個真實的、即時的、可運作的網站)應該足以涵蓋您的用例。我建議您遵循 API 範例,並根據您的需求進行調整。

哦,還有,反向代理也適用於遠端目的地,而不僅僅是本地。想想可能性...

相關內容