如何配置NGINX conf location以使用AWS ALB?我有一个docker compose,它模拟部署到AWS ECS的登台环境,工作正常,状态200 OK:
/review-staging 200 OK
/review-staging/wp-admin 200 OK
/review-staging/graphql 200 OK
虽然这在Docker compose安装程序中非常有效,但在我针对AWS版本运行请求后,对于目前为止测试的特定路径,情况就不一样了
/review-staging/wp-admin. 详情如下:
/review-staging 200 OK
/review-staging/wp-admin 302 fail (Browser throws ERR_TOO_MANY_REDIRECTS)
/review-staging/graphql 200 OK
CloudWatch日志显示了以下几项:
17/Oct/2019:01:54:07 +0000 "GET /review-ci/wp-admin/index.php" 302
我拥有的NGINX conf文件是:
server {
listen 80;
server_name foobar;
root /var/www/html;
index index.php index.html index.htm;
charset UTF-8;
autoindex off;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
client_max_body_size 200m;
# Do not log access to these to keep the logs cleaner
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
location = /favicon.ico {
log_not_found off;
access_log off;
}
location = /apple-touch-icon.png {
log_not_found off;
access_log off;
}
location = /apple-touch-icon-precomposed.png {
log_not_found off;
access_log off;
}
location / {
try_files $uri $uri/ =404;
}
location ~ /elbhealth {
add_header Content-Type text/html;
return 200 \'OK\';
}
location /review-staging {
try_files $uri $uri/ /review-staging/index.php?$args;
}
# Fix for Firefox issue with cross site font icons
location ~* \\.(eot|otf|ttf|woff)$ {
add_header Access-Control-Allow-Origin *;
}
# Deny access to any files with a .php extension in the uploads directory
location ~* /(?:uploads|files)/.*\\.php$ {
deny all;
}
location ~ \\.php$ {
try_files $uri =404;
fastcgi_split_path_info ^(.+\\.php)(/.+)$;
fastcgi_pass php-fpm:9000;
fastcgi_index index.php;
include fastcgi_params;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param PATH_INFO $fastcgi_path_info;
}
location ~ \\.(js|css|png|jpg|woff|gif|ttf|ico|svg)$ {
try_files $uri =404;
}
}
我的期望是让它在docker compose设置中正常工作。
最合适的回答,由SO网友:punkbit 整理而成
出现问题的原因是AWS ALB的工作方式,或者至少是我的设置方式(公平地说,这似乎是一种安静的常见做法),负载平衡器侦听HTTPS:443并转发到目标HTTP:80。上述问题err-too-many-redirects 与目标应用程序创建的无止境循环相关。用户请求/wp-admin 除非我们强制Wordpress管理使用SSL模式,否则无休止的转发循环将继续进行,而这可以通过在wp config中设置参数force SSL admin来实现。php:
define(\'FORCE_SSL_ADMIN\', true);
我在尝试服务器https的PHP保留变量后发现了这一点:
$_SERVER[\'HTTPS\'] = \'on\'
这两者都有助于解决问题,我说是“帮助”,因为您可能仍然会发现混合的内容警告消息等,而某些浏览器可能会阻止加载内容(img、css等),甚至阻止呈现您的应用程序服务。因此,请注意Wordpress数据库中的任何不良协议气味(HTTP vs HTTPS),等等-这超出了我最初公开的案例的范围,即302,但我希望它对您有所帮助,如果您遇到这种情况,它会引导您走向正确的方向。
鉴于AWS架构发布了一个关于类似用例的教程,上述问题非常常见(https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-listeners.html#redirect-actions ).
