Проблема с конфигурацией Nginx - PullRequest
Новая
       3

Проблема с конфигурацией Nginx

0 голосов
/ 29 июня 2018

У меня дома запущено несколько сервисов с моей виртуальной машины, и у меня возникли некоторые проблемы, связанные с плохими ботами и настройкой перенаправления https для моих поддоменов. Я был бы очень признателен за любую помощь в решении этих проблем.

Проблема bad_bot в том, что если я включу его в файле Nginx, он не позволит мне открыть веб-страницу из любого браузера (выдает ошибку 403). Код ниже: 

map $http_user_agent $bad_bot {
    default     1;
  "~*\bUptimeRobot/2.0\b"       0;
}

Другая проблема заключается в том, что, если я захожу на какой-либо из моих поддоменов, печатая ссылку в браузере, он перенаправляет меня на порт 80 вместо порта 443 по умолчанию. Я хотел бы перенаправить на порт 443 для всех случаев. Содержимое моего default файла ниже: 

include /etc/nginx/blockuseragents.rules;
include /etc/nginx/bad_bots.rules;

map $http_upgrade $connection_upgrade {  
    default upgrade;
    ''      close;
}

#server {
# listen 80 default_server;
#   listen [::]:80 default_server;
#   server_name *.example.in;
#   return 301 https://$server_name$request_uri;
#}

#Main Server Configuration Part
server {
  #BlockedAgent
  if ($blockedagent) {
        return 403;
  }

  #Bad Bots Filtering
  #if ($bad_bot) {
  #      return 403;
  #}

  #Block Request Method
  #if ($request_method !~ ^(GET|HEAD|POST)$) {
  #      return 444;
  #}

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name example.in;
  include /etc/nginx/conf.d/*.conf;

    #location / { 
    #root /usr/share/nginx/html;
    #index index.html index.htm index.nginx-debian.html;
    #try_files $uri /index.html;
    #}

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    #Tautulli
    location /tautulli {
    proxy_pass http://192.168.0.12:8181;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_set_header X-Forwarded-Ssl on;
    }

    #Transmission Torrent Client
    location /transmission {
    proxy_pass http://192.168.0.12:9091;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Radarr Movies
    location /radarr {
    proxy_pass http://192.168.0.12:7878;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Sonarr TV Shows
    location /sonarr {
    proxy_pass http://192.168.0.12:8989;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Ombi
    location /ombi/ {
    proxy_pass http://192.168.0.12:5000;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Host $server_name;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Ssl on;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_read_timeout  90;
    proxy_redirect http://192.168.0.12:5000 https://$host;
    }
    if ($http_referer ~* /ombi/) {
    rewrite ^/dist/([0-9\d*]).js /ombi/dist/$1.js last;
    }

    #Sabnzbd
    location /sabnzbd {
    proxy_pass http://192.168.0.12:8080;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Jackett
    location /jackett {
    proxy_pass http://192.168.0.12:9117;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

}

#Home Assistant Block
#Add entry in Cloudflare DNS ("CNAME home example.DynamicDNSProvider.com") to enable
server {
  ##BlockedAgent
  #if ($blockedagent) {
  #      return 403;
  #}

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name home.example.in;
  #return 301 https://$host$request_uri;
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    #Home Assistant
    location / {
    proxy_pass http://192.168.0.12:8123/;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Home Assistant Google Assistant Block
    location /api/google_assistant {
    proxy_pass http://192.168.0.12:8123;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Home Assistant API and Websocket
    location /api/websocket {
    proxy_pass http://192.168.0.12:8123/api/websocket;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    #Home Assistant Notifications Fix
    location /api/notify.html5/callback {
    if ($http_authorization = "") { return 403; }
    allow all;
    proxy_pass http://192.168.0.12:8123;
    proxy_set_header Host $host;
    proxy_redirect http:// https://;
    }
}

#pfSense Block
#Add entry in Cloudflare DNS ("CNAME pfsense example.DynamicDNSProvider.com") to enable
server {
  #BlockedAgent
  if ($blockedagent) {
        return 403;
  }

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name pfsense.example.in;
  #return 301 https://$host$request_uri;
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
          proxy_pass https://192.168.0.1:443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }
}

#UniFi Controller Block
#Add entry in Cloudflare DNS ("CNAME unifi example.DynamicDNSProvider.com") to enable
server {
  #BlockedAgent
  if ($blockedagent) {
        return 403;
  }

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name unifi.example.in;
  #return 301 https://$host$request_uri;
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    location / {
        #auth_basic "Restricted";
          #auth_basic_user_file /etc/nginx/.htpasswd;
          proxy_pass https://localhost:8443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }
}

#FreeNAS Block
#Add entry in Cloudflare DNS ("CNAME newton example.DynamicDNSProvider.com") to enable
server {
  #BlockedAgent
  if ($blockedagent) {
        return 403;
  }

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name newton.example.in;
  #return 301 https://$host$request_uri;
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass https://192.168.0.10:443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }
}

#IPMI Block
#Add entry in Cloudflare DNS ("CNAME ipmi example.DynamicDNSProvider.com") to enable
server {
  #BlockedAgent
  if ($blockedagent) {
        return 403;
  }

  listen [::]:443 ssl http2;
  listen 443 ssl http2;
  server_name ipmi.example.in;
  #return 301 https://$server_name$request_uri;
  include /etc/nginx/conf.d/*.conf;

    #SSL Configuration
    include /etc/nginx/ssl.conf;

    location / {
        auth_basic "Restricted";
        auth_basic_user_file /etc/nginx/.htpasswd;
        proxy_pass https://192.168.0.8:443;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_buffering off;
    }
}

1 Ответ

0 голосов
/ 30 июня 2018

Ваша директива карты задом наперед. Вам также нужно переместить ~ * за пределы кавычек вашего регулярного выражения.

map $http_user_agent $bad_bot { default 1; #This sets $bad_bot to 1 is nothing else matches "~*\bUptimeRobot/2.0\b" 0; #This sets $bad_bot to 0 if the regex matches }

Итак, на данный момент, если вы исправите свое регулярное выражение, тогда UptimeRobot будет $bad_bot 0, а все остальные будут $bad_bot 1

Это не выглядит хорошо для большинства людей, когда они попадают в эту часть вашей конфигурации:

if ($bad_bot) { return 403; }

Добро пожаловать на сайт PullRequest, где вы можете задавать вопросы и получать ответы от других членов сообщества.

Нет похожих вопросов

...