nginx作为棱镜的反向代理

  • 2016年6月13日
  • 13个答复
  • 1957年的观点
r
徽章 +2
棱镜使用的JSessionId cookie尚未设置。尝试使用可用选项。有人成功地做到了吗?
拉维·穆拉(Ravi S Mula)

13个答复

乔恩
秩
UserLevel 6
徽章 +29
我很好奇,您想在需要这种配置的地方做什么?
乔恩·科勒|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!
r
徽章 +2
在这里,我们没有很多公共IP。因此,我们将所有域都指向一个VM,在该VM上,我们将反向代理(重定向请求)设置为仅具有内部IP的另一个VM。

我也有一个域注册为Prism控制台,因此我们可以访问域而不是IP,并且也可以访问外部外部网络,但是我遵循的其他站点的配置也不适用于Prism。

下面附加样品配置

服务器 {
听80;
server_name示例网站
地点 / {
proxy_set_header主机example.com;
PROXY_SET_HEADER X-REAL -IP $ remote_addr;
proxy_set_header x-forwarded proto http;
proxy_set_header x-forwarded-for $ remote_addr;
proxy_set_header x-forwarded-host $ remote_addr;
proxy_passhttps://172.x.x.x.x:9440/;
#proxy_connect_timeout 240;
#proxy_send_timeout 240;
#proxy_read_timeout 240;
///添加了此代码以设置cookie,但没有工作
if($ http_cookie〜*“ jsessionid =([^;]+)(?:; | $)”){
设置$ co“ jsessionid = $ 1”;
}
proxy_set_header cookie“ $ co”;
///代码结束
}
}
拉维·穆拉(Ravi S Mula)
\n
\nI have a domain registered for prism console as well, so that we can accesss the domain rather than the IP as well as can be accessible outside out network as well, but the same configuration I followed for other sites didn't work with prism.
\n
\nAttaching sample configuration below
\n
\nserver {
\n listen 80;
\n server_name example.com
\n location \/ {
\n proxy_set_header Host example.com;
\n proxy_set_header X-Real-IP $remote_addr;
\n proxy_set_header X-Forwarded-Proto http;
\n proxy_set_header X-Forwarded-For $remote_addr;
\n proxy_set_header X-Forwarded-Host $remote_addr;
\n proxy_pass https:\/\/172.x.x.x:9440\/;<\/a>
\n #proxy_connect_timeout 240;
\n #proxy_send_timeout 240;
\n #proxy_read_timeout 240;
\n\/\/\/ Added this code to set the cookie, but didn't worked
\n if ($http_cookie ~* \"jsessionid=([^;]+)(?:;|$)\") {
\n set $co \"jsessionid=$1\";
\n }
\n proxy_set_header Cookie \"$co\";
\n\/\/\/ Code END
\n }
\n}","quoteUsername":"ravismula","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
乔恩
秩
UserLevel 6
徽章 +29
可以说您正在尝试使用公共IP从Internet访问Prism?
乔恩·科勒|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!
r
徽章 +2
是的
拉维·穆拉(Ravi S Mula)
r
秩
徽章 +2
嗨,拉维,

cookie未被设置为您遇到的主要问题吗?您能描述详细信息吗?浏览器带有DEV控制台的屏幕截图也将很有帮助。

谢谢,
- 射线
\n
\nIs the cookie not being set the main problem you are having, can you describe the issues you are having in details? A screenshot with the dev console from the browser would be also helpful.
\n
\nThanks,
\n- Ray","quoteUsername":"rayxie","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
G
秩
徽章 +1
乍一看,值得尝试的两件事:
1)将Proxy_Pass指令移至该部分的末尾(set_cookie部分之后)
2)与您正在查看的cookie方法,可以查看以下参数proxy_cookie_domain:
http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_cookie_domain
\n1) Move the proxy_pass directive to the end of that section (after the set_cookie portion)
\n2) Rather than the cookie method you're looking at, maybe take a look at the following parameters proxy_cookie_domain:
\nhttp:\/\/nginx.org\/en\/docs\/http\/ngx_http_proxy_module.html#proxy_cookie_domain<\/a>","quoteUsername":"greg3","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
r
徽章 +2
对延迟回应表示歉意

我已经尝试了建议的步骤,但问题仍然存在
拉维·穆拉(Ravi S Mula)
\n\ufeff
\nI've tried the suggested steps but still the problem exists","quoteUsername":"ravismula","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
r
徽章 +2
对于延迟的回应表示歉意。

我认为饼干是问题所在。
查找设置配置时要提出的网络请求的图像

拉维·穆拉(Ravi S Mula)
\n
\nI think that the cookie is the problem.
\nFind the image of the network requests that are being made when setting the configuration
\n

<\/a><\/p>","quoteUsername":"ravismula","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

一个
徽章
拉维,我很感激这已经解决了将近一年,所以我假设您已经找到了答案。以防万一,为了Docuthaiton,这是两个指针。全面披露:我为Nginx工作,刚刚开始挖掘Nutanix平台,所以YMMV。1)要使用NGINX设置新的cookie,您需要使用“ add_header set-cookie”指令而不是'proxy_set_header'。使用您的示例的格式将是'add_header set-cookie jsessionid = $ co;'(请注意,在这种情况下,您需要从$ CO集中删除“ JSessionId”)。2)Nginx Plus是NGINX的商业版本,支持可以从应用程序中读取和学习JSessionID的其他负载平衡方法。作为Nutanix的新手,我不确定这是您要寻找的东西,但是仅基于您在寻找JSessionId的if语句,我认为这是同一用例。您可以在nginx.org上找到有关JSessionId学习的文档。希望在这几个月之后有所帮助。 ravismula wrote:Here we don't have many public IP's. So we point all the domains to one VM, on which we setup a reverse proxy (redirect request) to another VM which has only an internal IP.

我也有一个域注册为Prism控制台,因此我们可以访问域而不是IP,并且也可以访问外部外部网络,但是我遵循的其他站点的配置也不适用于Prism。

下面附加样品配置

服务器 {
听80;
server_name示例网站
地点 / {
proxy_set_header主机example.com;
PROXY_SET_HEADER X-REAL -IP $ remote_addr;
proxy_set_header x-forwarded proto http;
proxy_set_header x-forwarded-for $ remote_addr;
proxy_set_header x-forwarded-host $ remote_addr;
proxy_passhttps://172.x.x.x.x:9440/;
#proxy_connect_timeout 240;
#proxy_send_timeout 240;
#proxy_read_timeout 240;
///添加了此代码以设置cookie,但没有工作
if($ http_cookie〜*“ jsessionid =([^;]+)(?:; | $)”){
设置$ co“ jsessionid = $ 1”;
}
proxy_set_header cookie“ $ co”;
///代码结束
}
}


Ravi,I appreciate that this has been unresolved for almost a year so I'm assuming you found the answer(s) already. Just in case, and for the sake of documentaiton, here are two pointers. Full disclosure: I work for NGINX and am just starting to dig into the Nutanix platform, so YMMV. 1) To set a new cookie with NGINX, you need use the 'add_header Set-Cookie' directive instead of 'proxy_set_header'. The format using your example would be 'add_header Set-Cookie jsessionid=$co;' (note that in this case you would need to remove 'jsessionid' from your $co set). 2) NGINX Plus, the commercial version of NGINX, supports additional load balancing methods which can read and learn a jsessionid from the app. Being new to Nutanix I'm not sure this is what you're looking for, but simply based on your if statement where you're looking for a jsessionid I assume this is the same use case. You can find documentation on jsessionid learning on nginx.org. Hope that helps all these months later. ravismula wrote:Here we don't have many public IP's. So we point all the domains to one VM, on which we setup a reverse proxy (redirect request) to another VM which has only an internal IP.
\n
\nI have a domain registered for prism console as well, so that we can accesss the domain rather than the IP as well as can be accessible outside out network as well, but the same configuration I followed for other sites didn't work with prism.
\n
\nAttaching sample configuration below
\n
\nserver {
\n listen 80;
\n server_name example.com
\n location \/ {
\n proxy_set_header Host example.com;
\n proxy_set_header X-Real-IP $remote_addr;
\n proxy_set_header X-Forwarded-Proto http;
\n proxy_set_header X-Forwarded-For $remote_addr;
\n proxy_set_header X-Forwarded-Host $remote_addr;
\n proxy_pass https:\/\/172.x.x.x:9440\/;<\/a>
\n #proxy_connect_timeout 240;
\n #proxy_send_timeout 240;
\n #proxy_read_timeout 240;
\n\/\/\/ Added this code to set the cookie, but didn't worked
\n if ($http_cookie ~* \"jsessionid=([^;]+)(?:;|$)\") {
\n set $co \"jsessionid=$1\";
\n }
\n proxy_set_header Cookie \"$co\";
\n\/\/\/ Code END
\n }
\n}
\n
\n
\n<\/blockquote>","quoteUsername":"amurphy","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
C
Userlevel 1
徽章 +2

@Jon您对PC前反向代理的好奇心的一种可能答案是,提供自助服务的更好的UX。例如,我们正在使用Prism中央自助服务为开发人员提供VM。我们不想给他们一个带有9440端口的URL,我们想发布一些常见问题解答。我们试图用NGINX反向代理PC,但是我们遇到了问题(基于路径的反向代理和NGINX缓存)。因此,我们最终获得了一个带有PC和FAQ的链接的着陆页。

(1)这种预期的行为是反向代理PC吗?有人有工作吗?

(2)可以将PC配置为在443上收听吗?我检查的最后一个,答案是“否”。

@Jon<\/user-mention>\u00a0 one possible answer to your curiosity about a reverse proxy in front of PC is for a better UX with Self-Service. For example, we\u2019re using Prism Central Self-Service for our developers to provision VMs. We don\u2019t want to give them a URL with port 9440 and we want to publish some FAQs. We tried to reverse proxy PC with nginx, but we had issues (path based reverse proxying and nginx caching). So, we ended up with a landing page with links to PC and FAQs.\u00a0<\/p>

(1) Is this expected behavior\u00a0with reverse proxying PC? Anybody has this working?<\/p>

(2) Can PC be configured to listen on 443? The last I checked, the answer was \u201cno\u201d.<\/p>","quoteUsername":"CyberG","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

乔恩
秩
UserLevel 6
徽章 +29

1-我怀疑有人在这里内部实际尝试过,所以我不知道一种或另一种方法是否会很好地工作或不脱机

2-不,棱镜(元素和中央)在9440上发表作为静态事物。我认为一个足够狡猾的人可以侵入它,但是它可能以奇妙的方式炸毁,因为这不是我们支持的/QA(更改Prism端口)

乔恩·科勒|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!
1 - I doubt that anyone actually tried it internally here, so I dont know one way or the other if reverse proxying would work well or not offhand<\/p>

2 - No, Prism (element and central) is published on 9440 as a static thing. I think someone sufficiently crafty could hack it in, but it may blow up in fantastic ways since that is not something we support\/qa (changing the prism port)<\/p>","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

C
Userlevel 1
徽章 +2

@Jon谢谢你回来。因此,我尝试了对PC进行反向代理,并且在使用NGINX缓存,基于路径的反向代理和Web插座的初始打ic之后,我终于与以下配置一起使用了,从而导致登录失败和VM控制台访问问题。

地点 / {
proxy_pass https:// cloudConsole;
proxy_intercept_errors on;
proxy_set_header主机$主机;
PROXY_SET_HEADER X-REAL -IP $ remote_addr;
proxy_set_header x-forwarded-for $ proxy_add_x_forwarded_for;
proxy_set_header x-forwarded proto $方案;
proxy_http_version 1.1;
proxy_set_header升级$ http_upgrade;
proxy_set_header连接“升级”;
}

CloudConsole是指上游PC URL。

通过反向代理访问PC时,没有发现任何损坏的东西。

@Jon<\/user-mention>\u00a0 Thank you for getting back. So, I tried reverse proxying the PC and after initial hiccups with nginx caching, path-based reverse proxying and web sockets reverse proxying causing login failures and VM console access issues, I\u2019ve finally had it working with the following config:<\/p>

\u00a0<\/p>

        location \/ {
          proxy_pass https:\/\/cloudconsole;
          proxy_intercept_errors on;
          proxy_set_header        Host $host;
          proxy_set_header        X-Real-IP $remote_addr;
          proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_set_header        X-Forwarded-Proto $scheme;
          proxy_http_version 1.1;
          proxy_set_header Upgrade $http_upgrade;
          proxy_set_header Connection \"upgrade\";
        }<\/code><\/pre>
\u00a0<\/p>
cloudconsole refers to the upstream PC URL.<\/p>
Didn\u2019t find anything broken so far when accessing the PC via the reverse proxy.<\/p>
\u00a0<\/p>","quoteUsername":"CyberG","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">
乔恩
秩
UserLevel 6
徽章 +29

酷,做得好!

乔恩·科勒|Nutanix工程技术总监|Nutanix NPX#003,VCDX#116 |@jonkohler |如果有用的话,请荣誉!
cool, good work!<\/p>","quoteUsername":"Jon","translations":{"Common":{"like":"Like","unlike":"Unlike"},"Forum":{"Quote":"Quote","Share":"Share"}}}">

回复


Baidu