nginx: [emerg] "proxy_pass" cannot have URI part in location given by regular expression, or inside named location, or inside "if" statement, or inside "limit_except" block in /etc/nginx/conf.d/www.mydomain.com.conf:25
nginx: configuration file /etc/nginx/nginx.conf test failed
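When a location or if block uses regular-expression matching, the proxy_pass URL must not end with /.
# The trailing "/" on proxy_pass is what triggers the [emerg] error above
if ($request_uri ~* "^/info/(cn|tw)/(news|info)/\d\.html") {
    proxy_pass http://info.example.com/;
    break;
}
location ~ ^/info/ {
    proxy_pass http://info.example.com/;
    break;
}
Changing proxy_pass http://info.example.com/; to proxy_pass http://info.example.com; resolves the error.
If the user's Cookie is not passed through proxy_pass to the backend server, the SESSION data is lost. The fix: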
proxy_set_header Cookie $http_cookie;
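Setting the worker_rlimit_nofile directive is enough.
user nginx;
worker_processes 8;
worker_rlimit_nofile 65530;
Setting ulimit achieves the same effect, but I prefer worker_rlimit_nofile because it applies only to nginx rather than being a global setting.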
server_name www.example.com www.example.net www.example.org;
The following SSI tag always outputs the first name listed in server_name, www.example.com, no matter which domain you use to reach the site.
<!--#echo var="SERVER_NAME"-->
Keep this in mind when you need to show different results depending on SERVER_NAME.
In the example below the document root is /www/netkiller.com/m.netkiller.com, and we need resources from /www/netkiller.com/www.netkiller.com.
server {
    listen 80;
    server_name m.netkiller.com;
    charset utf-8;
    access_log /var/log/nginx/m.netkiller.com.access.log;
    error_log /var/log/nginx/m.netkiller.com.error.log;
    location / {
        root /www/netkiller.com/m.netkiller.com;
        index index.html;
    }
    # Requests under /module are served from the www site's tree
    location /module {
        root /www/netkiller.com/www.netkiller.com;
    }
}

server {
    listen 80;
    server_name m.netkiller.com;
    charset utf-8;
    access_log /var/log/nginx/m.netkiller.com.access.log;
    error_log /var/log/nginx/m.netkiller.com.error.log;
    location / {
        root /www/netkiller.com/m.netkiller.com;
        index index.html;
    }
    # ^~ makes this prefix match win without checking regex locations
    location ^~ /module/ {
        root /www/netkiller.com/www.netkiller.com;
    }
}
In the example above, location /module maps to /www/netkiller.com/www.netkiller.com + /module (root plus the request URI). If there is no module directory under /www/netkiller.com/www.netkiller.com, nginx returns a 404 and error.log shows "/www/netkiller.cn/www.netkiller.cn/module/index.html" failed (2: No such file or directory)
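text/html is the default value of gzip_types, so do not add text/html to the gzip_types list.
Connecting to a local port fails even though the firewall is already disabled and curl http://127.0.0.1:8080 works fine.
Log excerpt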
2018/09/07 12:31:27 [crit] 10202#10202: *4 connect() to [::1]:8080 failed (13: Permission denied) while connecting to upstream, client: 47.90.97.183, server: www.api.netkiller.cn, request: "GET /api/ HTTP/2.0", upstream: "http://[::1]:8080/api/", host: "api.netkiller.cn"
2018/09/07 12:31:27 [warn] 10202#10202: *4 upstream server temporarily disabled while connecting to upstream, client: 47.90.97.183, server: www.api.netkiller.cn, request: "GET /api/ HTTP/2.0", upstream: "http://[::1]:8080/api/", host: "api.netkiller.cn"
2018/09/07 12:31:27 [crit] 10202#10202: *4 connect() to 127.0.0.1:8080 failed (13: Permission denied) while connecting to upstream, client: 47.90.97.183, server: www.api.netkiller.cn, request: "GET /api/ HTTP/2.0", upstream: "http://127.0.0.1:8080/api/", host: "api.netkiller.cn"
2018/09/07 12:31:27 [warn] 10202#10202: *4 upstream server temporarily disabled while connecting to upstream, client: 47.90.97.183, server: www.api.netkiller.cn, request: "GET /api/ HTTP/2.0", upstream: "http://127.0.0.1:8080/api/", host: "api.netkiller.cn"
The problem occurred on an AWS (Amazon cloud) host. Investigation showed that SELinux was the cause.
[root@netkiller ~]# cat /var/log/audit/audit.log | grep nginx | grep denied | more
type=AVC msg=audit(1536320093.274:345): avc: denied { sys_resource } for pid=9544 comm="nginx" capability=24 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=AVC msg=audit(1536320093.274:346): avc: denied { sys_resource } for pid=9545 comm="nginx" capability=24 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=AVC msg=audit(1536320093.275:347): avc: denied { sys_resource } for pid=9546 comm="nginx" capability=24 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=AVC msg=audit(1536321850.706:459): avc: denied { sys_resource } for pid=9798 comm="nginx" capability=24 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=AVC msg=audit(1536321850.707:460): avc: denied { sys_resource } for pid=9799 comm="nginx" capability=24 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=AVC msg=audit(1536321920.108:461): avc: denied { name_connect } for pid=9796 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1536321920.109:462): avc: denied { name_connect } for pid=9796 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
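The triage step shown above (grepping audit.log for nginx denials), as an added Python example that is not part of the original page: it groups AVC denials by permission, class and target so the two distinct causes stand out from the repeats. The sample lines are constructed in the format of the excerpt, and the boolean names in HINTS are an assumption taken from the reference SELinux targeted policy, to be confirmed with audit2why on the host.

```python
import re
from collections import Counter

# Constructed sample in the same format as the audit.log excerpt above.
SAMPLE = """\
type=AVC msg=audit(1536320093.274:345): avc: denied { sys_resource } for pid=9544 comm="nginx" capability=24 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=AVC msg=audit(1536320093.274:346): avc: denied { sys_resource } for pid=9545 comm="nginx" capability=24 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:system_r:httpd_t:s0 tclass=capability
type=AVC msg=audit(1536321920.108:461): avc: denied { name_connect } for pid=9796 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1536321920.109:462): avc: denied { name_connect } for pid=9796 comm="nginx" dest=8080 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:http_cache_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1536321999.000:470): avc: denied { read } for pid=1234 comm="sshd" name="x" scontext=system_u:system_r:sshd_t:s0 tcontext=system_u:object_r:etc_t:s0 tclass=file
"""

AVC_RE = re.compile(r"avc:\s+denied\s+\{([^}]*)\}\s+for\s+(.*)")
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')
# Assumption: boolean names from the reference targeted policy; confirm with
# audit2why on the host before changing anything.
HINTS = {
    ("sys_resource", "capability"): "boolean httpd_setrlimit",
    ("name_connect", "tcp_socket"): "boolean httpd_can_network_connect",
}

def parse_avc(line):
    """Return the fields of one AVC denial as a dict, or None for other records."""
    m = AVC_RE.search(line)
    if m is None:
        return None
    rec = {k: v.strip('"') for k, v in KV_RE.findall(m.group(2))}
    rec["perms"] = m.group(1).split()
    return rec

def summarize(text, comm="nginx"):
    """Count denials for one process name, keyed by (perm, tclass, target)."""
    counts = Counter()
    for line in text.splitlines():
        rec = parse_avc(line)
        if rec is None or rec.get("comm") != comm:
            continue
        target = rec.get("dest") or rec.get("capability") or rec.get("name", "-")
        for perm in rec["perms"]:
            counts[(perm, rec.get("tclass", "?"), target)] += 1
    return counts

def report(text, comm="nginx"):
    """One line per distinct denial, most frequent first."""
    return [f"{n}x {perm} {tclass} target={target}: {HINTS.get((perm, tclass), 'run audit2why')}"
            for (perm, tclass, target), n in summarize(text, comm).most_common()]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE)))
```

Feed it the raw audit.log rather than output copied from a pager, since wrapped lines such as a split tclass value will not parse into the right class.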