所以,我有一个authulia和另一个网络应用程序的设置,它在nginx反向代理后面用2FA进行保护。
除了web应用程序中的一个插件外,一切都运行得很好。
Nginx代理管理器给我以下错误,页面为空白:
023/09/28 10:04:50[警告]169#169:*85上游读取上游时发送的数据超过“内容长度”标头中指定的数据,客户端:XX.XX.XX.XX,服务器:domain.mydomain.com,请求:“GET/console/plugins/1302/app_proxy/next dashboard HTTP/2.0”,上游:“https://CC.CC.CC.CC:443/console/plugins/1302/app_proxy/next-dashboard”,主机:“domain.mydomain.com”,引用者:“https://domain.mydomain.com/jsp/myapp.jsp“
没有介于两者之间的authlia应用程序可以很好地与我的nginx配合使用。
这是我的配置:
server {
set $forward_scheme https;
set $server "IP";
set $port 443;
listen 80;
listen [::]:80;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name domain.mydomain.com;
ssl_certificate /cert.pem;
ssl_certificate_key /cert.pem;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
access_log /data/logs/proxy-host-9_access.log proxy;
error_log /data/logs/proxy-host-9_error.log warn;
location /authelia {
internal;
set $upstream_authelia http://IP/api/verify;
proxy_pass_request_body off;
proxy_pass $upstream_authelia;
proxy_set_header Content-Length "";
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
client_body_buffer_size 128k;
proxy_set_header Host $host;
proxy_set_header X-Original-URL $scheme://$http_host$request_uri;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffers 4 256k;
proxy_buffer_size 256k;
send_timeout 5m;
proxy_read_timeout 240;
proxy_send_timeout 240;
proxy_connect_timeout 240;
}
location / {
set $upstream_app https://IP:443;
proxy_pass $upstream_app;
auth_request /authelia;
auth_request_set $target_url $scheme://$http_host$request_uri;
auth_request_set $user $upstream_http_remote_user;
auth_request_set $groups $upstream_http_remote_groups;
proxy_set_header Remote-User $user;
proxy_set_header Remote-Groups $groups;
error_page 401 =302 https://auth.mydomain.com/?rd=$target_url;
client_body_buffer_size 128k;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503;
send_timeout 5m;
proxy_read_timeout 360;
proxy_send_timeout 360;
proxy_connect_timeout 360;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-Host $http_host;
proxy_set_header X-Forwarded-Uri $request_uri;
proxy_set_header X-Forwarded-Ssl on;
proxy_redirect http:// $scheme://;
proxy_http_version 1.1;
proxy_set_header Connection "";
proxy_cache_bypass $cookie_session;
proxy_no_cache $cookie_session;
proxy_buffer_size 256k;
proxy_buffers 32 256k;
fastcgi_buffer_size 32k;
fastcgi_buffers 4 32k;
real_ip_header X-Forwarded-For;
real_ip_recursive on;
}
large_client_header_buffers 4 8k;
include /data/nginx/custom/server_proxy[.]conf;
}
有什么想法吗?
这个配置变得一团糟,因为我尝试了很多cr@p最后2天。
我尝试删除代理缓冲区,行为是一样的,我还添加了fastcgi_buffers,但什么都没发生。