gpt4 book ai didi

node.js - Nginx: proxy_pass + websocket + basic authentication + Safari = 访问日志无限循环

转载 作者:行者123 更新时间:2023-12-05 07:30:04 25 4
gpt4 key购买 nike

Safari(桌面和 iOS)

受 nginx 基本身份验证保护的 Meteor Web 应用程序。

当我在 Safari 上访问该应用程序时,我在无限循环中看到以下访问日志记录。 Chrome 按预期工作。 nginx 错误日志中没有记录。我的猜测是由于某种原因,用户/密码身份验证不起作用,并且请求在循环中被重定向,导致打开新的套接字/sockjs 连接。

应用程序不产生任何输出,显示白屏死机。

144.MY.IP.ADDR - - [25/Sep/2018:17:48:06 -0400] "GET /sockjs/958/msx234wb/websocket HTTP/1.1" 401 195 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "POST /sockjs/656/mgln1mi5/xhr_send HTTP/1.1" 204 0 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "POST /sockjs/958/x9wngcy3/xhr HTTP/1.1" 200 12 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "POST /sockjs/958/x9wngcy3/xhr_send HTTP/1.1" 204 0 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "GET /sockjs/info?cb=35tsuy5ber HTTP/1.1" 200 90 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"
144.MY.IP.ADDR - username [25/Sep/2018:17:48:06 -0400] "POST /sockjs/958/x9wngcy3/xhr_send HTTP/1.1" 204 0 "https://my.site.com/" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/12.0 Safari/605.1.15"

这是我的 nginx 配置:

map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}

server {
listen 80;
listen 443 ssl http2;
server_name my.site.com;

ssl_certificate /etc/letsencrypt/live/my.site.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.site.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

add_header Strict-Transport-Security "max-age=31557600; includeSubDomains";
add_header X-Content-Type-Options "nosniff" always;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-Xss-Protection "1";

ssl_stapling on;
ssl_stapling_verify on;

root html; # irrelevant
index index.html; # irrelevant

location / {

# forward http to https
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}

proxy_pass http://localhost:8080;

proxy_redirect off;
proxy_intercept_errors on;


proxy_http_version 1.1; # recommended with keepalive connections - http://nginx.org/en/docs/http/ngx_http_proxy_module.html#proxy_http_version

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;

proxy_set_header Host $host; # pass the host header - http://wiki.nginx.org/HttpProxyModule#proxy_pass

proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;

proxy_set_header X-Forwarded-Proto http;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-For $remote_addr; # preserve client IP

proxy_set_header X-Nginx-Proxy true;

auth_basic "Restricted Access"; # auth realm
auth_basic_user_file .htpasswd-users; # htpasswd file

# the root path (/) MUST NOT be cached
if ($uri != '/') {
expires 30d;
}

}
}

我不知道为什么在 Chrome 按预期工作而 safari 不工作的情况下会发生这种情况。

最佳答案

这是解决方案。由神奇的 proxy_read_timeout 行保存:

location / {          

auth_basic "Restricted Access"; # auth realm
auth_basic_user_file .htpasswd-users-paco; # htpasswd file

proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;

proxy_pass "http://127.0.0.1:SOME_PORT";
proxy_http_version 1.1;

proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";

proxy_read_timeout 86400;

# the root path (/) MUST NOT be cached
if ($uri != '/') {
expires 30d;
}
}

关于node.js - Nginx: proxy_pass + websocket + basic authentication + Safari = 访问日志无限循环,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/52507245/

25 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com