对于我的身份验证服务器...这有效。我喜欢为我自己的人性化可读性提供 /auth 选项......或者我也通过端口/上游配置它以供机器到机器。
.
在conf开始时
####################################################
upstream auth {
server 127.0.0.1:9011 weight=1 fail_timeout=300s;
keepalive 16;
}
在我的 443 服务器块内
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
location /auth {
proxy_pass http://$http_host:9011;
proxy_set_header Origin http://$host;
proxy_set_header Host $http_host:9011;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
在conf的底部
#####################################################################
# #
# Proxies for all the Other servers on other ports upstream #
# #
#####################################################################
#######################
# Fusion #
#######################
server {
listen 9001 ssl;
############# Lock it down ################
# SSL certificate locations
ssl_certificate /etc/letsencrypt/live/allineed.app/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/allineed.app/privkey.pem;
# Exclusions
include snippets/exclusions.conf;
# Security
include snippets/security.conf;
include snippets/ssl.conf;
# Fastcgi cache rules
include snippets/fastcgi-cache.conf;
include snippets/limits.conf;
include snippets/nginx-cloudflare.conf;
########### Location upstream ##############
location ~ / {
proxy_pass http://auth;
proxy_set_header Origin http://$host;
proxy_set_header Host $host:$server_port;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $http_connection;
proxy_http_version 1.1;
}
if (-d $request_filename) {
rewrite [^/]$ $scheme://$http_host$uri/ permanent;
}
}