备忘 - 记一次坑爹的 Nginx 反代环境配置

起因

今天中午朋友找到我,说想要给自己的游戏针对国外做反向代理 (被老外喷卡,哈哈),那就做一个咯

准备挖坑

因为只需要转发请求,配置需求不高. 所以我就在 DediSERVE 注册了个账号,创了个 5欧 1G 内存,25G 硬盘的实例(AFF警告: 链接在此)

服务器使用 Debian 8, Server Hostname 填写的是要 代理的域名 (重点,后面就因为这个掉坑里了)

挖坑中

老规矩,自己动手丰衣足食

准备

工具

1
sudo apt-get install build-essential libpcre3 libpcre3-dev zlib1g-dev git

Nginx

1
2
3
wget -c https://nginx.org/download/nginx-1.11.13.tar.gz

tar zxf nginx-1.13.12.tar.gz

OpenSSL

1
2
3
4
5
wget -O openssl.tar.gz -c https://github.com/openssl/openssl/archive/OpenSSL_1_0_2k.tar.gz

tar zxf openssl.tar.gz

mv openssl-OpenSSL_1_0_2k/ openssl

编译

如果没指定安装位置的话,默认会安装到 /usr/local/nginx/

1
2
3
4
5
6
7
cd nginx-1.13.12/

./configure --with-openssl=../openssl --with-http_v2_module --with-http_ssl_module --with-http_gzip_static_module

make

sudo make install

创建管理服务

1
vim /etc/init.d/nginx

输入以下内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
#! /bin/sh

### BEGIN INIT INFO
# Provides: nginx
# Required-Start: $all
# Required-Stop: $all
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts the nginx web server
# Description: starts nginx using start-stop-daemon
### END INIT INFO

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/local/nginx/sbin/nginx
NAME=nginx
DESC=nginx

test -x $DAEMON || exit 0

# Include nginx defaults if available
if [ -f /etc/default/nginx ] ; then
. /etc/default/nginx
fi

set -e

. /lib/lsb/init-functions

case "$1" in
start)
echo -n "Starting $DESC: "
start-stop-daemon --start --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
--exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
stop)
echo -n "Stopping $DESC: "
start-stop-daemon --stop --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
--exec $DAEMON || true
echo "$NAME."
;;
restart|force-reload)
echo -n "Restarting $DESC: "
start-stop-daemon --stop --quiet --pidfile \
/usr/local/nginx/logs/$NAME.pid --exec $DAEMON || true
sleep 1
start-stop-daemon --start --quiet --pidfile \
/usr/local/nginx/logs/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS || true
echo "$NAME."
;;
reload)
echo -n "Reloading $DESC configuration: "
start-stop-daemon --stop --signal HUP --quiet --pidfile /usr/local/nginx/logs/$NAME.pid \
--exec $DAEMON || true
echo "$NAME."
;;
status)
status_of_proc -p /usr/local/nginx/logs/$NAME.pid "$DAEMON" nginx && exit 0 || exit $?
;;
*)
N=/etc/init.d/$NAME
echo "Usage: $N {start|stop|restart|reload|force-reload|status}" >&2
exit 1
;;
esac

exit 0

授权

1
sudo chmod a+x /etc/init.d/nginx

配置

1
vim /usr/local/nginx/conf/nginx.conf

修改为以下内容:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
#user  nobody;
worker_processes 4;

#error_log logs/error.log;
#error_log logs/error.log notice;
#error_log logs/error.log info;

#pid logs/nginx.pid;


events {
worker_connections 1024;
}


http {
include mime.types;
default_type application/octet-stream;
charset UTF-8;

sendfile on;
tcp_nopush on;
tcp_nodelay on;

keepalive_timeout 60;

gzip on;
gzip_vary on;

gzip_comp_level 6;
gzip_buffers 16 8k;

gzip_min_length 1000;
gzip_proxied any;
gzip_disable "msie6";

gzip_http_version 1.0;

gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript application/javascript image/svg+xml;

server {
listen 80;
server_name proxy.domain.com;

location / {
proxy_pass http://domain.com;
proxy_redirect off;

proxy_set_header X-Real_IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
...
}

运行

1
service nginx start

万事俱备,是时候看结果了!

这是什么鬼! HTTP 400

检查开启!

  1. 检查配置文件 ☑

  2. 检查日志 ☑

  3. 放狗搜索 ☑

然而并没有什么用 face

在20多分钟的放狗后,我找到了一篇文章 - nginx配置反向代理或跳转出现400问题处理记录

文章作者也遇到了和我差不多的问题,而他的问题在 proxy_pass 由域名换为IP后解决

然而对我并没有什么作用 face

从中午找到下午,接近两个小时依然没有解决这个问题

万念俱灰之际,我随手 ping 了一下域名

1
2
3
4
5
6
7
8
64 bytes from example.com (255.255.255.255): icmp_seq=1 ttl=64 time=0.051 ms
64 bytes from example.com (255.255.255.255): icmp_seq=2 ttl=64 time=0.063 ms
64 bytes from example.com (255.255.255.255): icmp_seq=3 ttl=64 time=0.055 ms
64 bytes from example.com (255.255.255.255): icmp_seq=4 ttl=64 time=0.049 ms
64 bytes from example.com (255.255.255.255): icmp_seq=5 ttl=64 time=0.050 ms
64 bytes from example.com (255.255.255.255): icmp_seq=6 ttl=64 time=0.040 ms
64 bytes from example.com (255.255.255.255): icmp_seq=7 ttl=64 time=0.047 ms
64 bytes from example.com (255.255.255.255): icmp_seq=8 ttl=64 time=0.037 ms

看到这结果,马上跑去看 hosts ,结果让我看到了浪费两个小时的原因:

1
2
3
4
cat /etc/hosts
# Automatically generated by OnApp
127.0.0.1 localhost
127.0.0.1 example.com

原因是在创建VPS实例时,会将填写的域名记录写到 hosts 里头. 因为当时还没有定好域名,就随手把 要反代的域名 填上去了

唉,今天真高兴啊……