我正在運行 Redis,與 Rails 和 Action Cable 一起使用。這些都位於 Nginx 反向代理後面。目前,每當 Redis 連接到時,我都會得到
# Possible SECURITY ATTACK detected. It looks like somebody is sending POST or Host: commands to Redis. This is likely due to an attacker attempting to use Cross Protocol Scripting to compromise your Redis instance. Connection aborted.
Nginx 設定是否可能導致此問題?如果是的話,這是配置:
server {
server_name "###";
location / { proxy_pass http://127.0.0.1:3000; proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port;
proxy_set_header X-Forwarded-Host $host;
}
location /cable { proxy_pass http://127.0.0.1:6379;
proxy_set_header X-Forwarded-Proto $scheme; proxy_set_header X-Forwarded-Ssl on; proxy_set_header X-Forwarded-Port $server_port; proxy_set_header X-Forwarded-Host $host;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/###/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/###/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = ###) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name "###";
return 404; # managed by Certbot
}