用proxy_intercept_errors和recursive_error_pages代理多次3
302是HTTP协议中的一个经常被使用状态码,是多种重定向方式的一种,其语义经常被解释为“Moved Temporarily”。这里顺带提一下,现实中用到的302多为误用(与303,307混用),在HTTP/1.1中,它的语义为“Found”. 302有时候很明显,有时候又比较隐蔽。最简单
302是HTTP协议中的一个经常被使用状态码,是多种重定向方式的一种,其语义经常被解释为“Moved Temporarily”。这里顺带提一下,现实中用到的302多为误用(与303,307混用),在HTTP/1.1中,它的语义为“Found”.
302有时候很明显,有时候又比较隐蔽。最简单的情况,是当我们在浏览器中输入一个网址A,然后浏览器地址栏会自动跳到B,进而打开一个网页,这种情况就很可能是302。
比较隐蔽的情况经常发生在嵌入到网页的播放器中。例如,当你打开一个优酷视频播放页面时,抓包观察一下就会经常发现302的影子。但由于这些url并不是直接在浏览器中打开的,所以在浏览器的地址栏看不到变化,当然,如果将这些具体的url特意挑出来复制到浏览器地址栏里,还是可以观察到的。
上一段提到了优酷。其实现在多数在线视频网站都会用到302,原因很简单,视频网站流量一般较大,都会用到CDN,区别只在于是用自建CDN还是商业CDN。而由于302的重定向语义(再重复一遍,302的语义广泛的被误用,在使用302的时候,我们很可能应该使用303或307,但后面都不再纠结这一点),可以与CDN中的调度很好的结合起来。
我们来看一个例子,打开一个网易视频播放页面,抓一下包,找到302状态的那个url。例如:
<code>http://flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 </code>
我们把它复制到浏览器地址栏中,会发现地址栏迅速的变为了另外一个url,这个Url是不定的,有可能为:
<code>http://14.18.140.83/f6c00af500000000-1408987545-236096587/data6/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 </code>
用curl工具会更清楚的看到整个过程:
<code>curl -I "http://flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L HTTP/1.1 302 Moved Temporarily Server: nginx Date: Mon, 25 Aug 2014 14:49:43 GMT Content-Type: text/html Content-Length: 154 Connection: keep-alive NG: CCN-SW-1-5L2 X-Mod-Name: GSLB/3.1.0 Location: http://119.134.254.9/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 HTTP/1.1 302 Moved Temporarily Server: nginx Date: Mon, 25 Aug 2014 14:49:41 GMT Content-Type: text/html Content-Length: 154 Connection: keep-alive X-Mod-Name: Mvod-Server/4.3.3 Location: http://119.134.254.7/cc89fdac00000000-1408983581-2095617481/data4/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 NG: CHN-SW-1-3Y1 HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Aug 2014 14:49:41 GMT Content-Type: video/mp4 Content-Length: 3706468 Last-Modified: Mon, 25 Aug 2014 00:23:50 GMT Connection: keep-alive Cache-Control: no-cache ETag: "53fa8216-388e64" NG: CHN-SW-1-3g6 X-Mod-Name: Mvod-Server/4.3.3 Accept-Ranges: bytes </code>
可以看到,这中间经历了两次302。
先暂时将这个例子放在一边,再来说说另一个重要的术语:proxy.我们通常会戏称,某些领导是302类型的,某些领导是proxy类型的。302类型的领导,一件事情经过他的手,会迅速的转给他人,而proxy类型的领导则会参与到事情中来,甚至把事情全部做完。
回到上面的例子,如果访问一个url中途会有多个302,那如果需要用Nginx设计一个proxy,来隐藏掉中间所有的这些302,该怎么做呢?
1.原始Proxy
我们知道,Nginx本身就是一个优秀的代理服务器。因此,首先我们来架设一个Nginx正向代理,服务器IP为192.168.109.128(我的一个测试虚拟机)。
初始配置简化如下:
<code>server {
listen 80;
location / {
rewrite_by_lua '
ngx.exec("/proxy-to" .. ngx.var.request_uri)
';
}
location ~ /proxy-to/([^/]+)(.*) {
proxy_pass http://$1$2$is_args$query_string;
}
}
</code>实现的功能是,当使用
<code>http://192.168.109.128/xxxxxx </code>
访问该代理时,会proxy到xxxxxx所代表的真实服务器。
测试结果如下:
<code>curl -I "http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L HTTP/1.1 302 Moved Temporarily Server: nginx/1.4.6 Date: Mon, 25 Aug 2014 14:50:54 GMT Content-Type: text/html Content-Length: 154 Connection: keep-alive NG: CCN-SW-1-5L2 X-Mod-Name: GSLB/3.1.0 Location: http://183.61.140.24/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 HTTP/1.1 302 Moved Temporarily Server: nginx Date: Mon, 25 Aug 2014 14:50:55 GMT Content-Type: text/html Content-Length: 154 Connection: keep-alive X-Mod-Name: Mvod-Server/4.3.3 Location: http://183.61.140.20/540966e500000000-1408983655-236096587/data1/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 NG: CHN-ZJ-4-3M4 HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Aug 2014 14:50:55 GMT Content-Type: video/mp4 Content-Length: 3706468 Last-Modified: Mon, 25 Aug 2014 00:31:03 GMT Connection: keep-alive Cache-Control: no-cache ETag: "53fa83c7-388e64" NG: CHN-ZJ-4-3M4 X-Mod-Name: Mvod-Server/4.3.3 Accept-Ranges: bytes </code>
可见,虽然使用proxy,但过程与原始访问没有什么区别。访问过程为,当访问
<code>http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 </code>
时,Nginx会将该请求proxy到
<code>http://flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 </code>
而后者马上就会返回一个302,所以Nginx作为proxy,将该302传回到客户端,客户端重新发起请求,进而重复之前的多次302.这里说明一个问题,一旦Nginx的proxy的后端返回302后,客户端即与Nginx这个proxy脱离关系了,Nginx无法起到完整的代理的作用。
2. 第1次修改
将配置文件修改为:
<code>server {
listen 80;
location / {
rewrite_by_lua '
ngx.exec("/proxy-to" .. ngx.var.request_uri)
';
}
location ~ /proxy-to/([^/]+)(.*) {
proxy_pass http://$1$2$is_args$query_string;
error_page 302 = @error_page_302;
}
location @error_page_302 {
rewrite_by_lua '
local _, _, upstream_http_location = string.find(ngx.var.upstream_http_location, "^http:/(.*)$")
ngx.header["zzzz"] = "/proxy-to" .. upstream_http_location
ngx.exec("/proxy-to" .. upstream_http_location);
';
}
}
</code>与上面的区别在于,使用了一个error_page,目的是当发现proxy的后端返回302时,则用这个302的目的location继续proxy,而不是直接返回给客户端。并且这个逻辑里面包含着递归的意思,一路跟踪302,直到最终返回200的那个地址。测试结果如下:
<code>curl -I "http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L HTTP/1.1 302 Moved Temporarily Server: nginx/1.4.6 Date: Mon, 25 Aug 2014 15:01:17 GMT Content-Type: text/html Content-Length: 154 Connection: keep-alive NG: CCN-SW-1-5L2 X-Mod-Name: GSLB/3.1.0 Location: http://183.61.140.24/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 HTTP/1.1 302 Moved Temporarily Server: nginx Date: Mon, 25 Aug 2014 15:01:17 GMT Content-Type: text/html Content-Length: 154 Connection: keep-alive X-Mod-Name: Mvod-Server/4.3.3 Location: http://183.61.140.20/a90a952900000000-1408984277-236096587/data1/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 NG: CHN-ZJ-4-3M4 HTTP/1.1 200 OK Server: nginx Date: Mon, 25 Aug 2014 15:01:17 GMT Content-Type: video/mp4 Content-Length: 3706468 Last-Modified: Mon, 25 Aug 2014 00:31:03 GMT Connection: keep-alive Cache-Control: no-cache ETag: "53fa83c7-388e64" NG: CHN-ZJ-4-3M4 X-Mod-Name: Mvod-Server/4.3.3 Accept-Ranges: bytes </code>
可见,本次修改仍然没有成功!
为什么呢?分析一下,我们在@error_page_302这个location里已经加了一个头部打印语句,可是在测试中,该头部并没有打出来,可见流程并没有进入到@error_page_302这个location。
原因在于
<code>error_page 302 = @error_page_302; </code>
error_page默认是本次处理的返回码。作为proxy,本次处理,只要转发上游服务器的响应成功,应该状态码都是200.即,我们真正需要检查的,是proxy的后端服务器返回的状态码,而不是proxy本身返回的状态码。查一下Nginx的wiki,proxy_intercept_errors指令正是干这个的:
<code>Syntax: proxy_intercept_errors on | off; Default: proxy_intercept_errors off; Context: http, server, location Determines whether proxied responses with codes greater than or equal to 300 should be passed to a client or be redirected to nginx for processing with the error_page directive. </code>
3. 第二次修改
<code>server {
listen 80;
proxy_intercept_errors on;
location / {
rewrite_by_lua '
ngx.exec("/proxy-to" .. ngx.var.request_uri)
';
}
location ~ /proxy-to/([^/]+)(.*) {
proxy_pass http://$1$2$is_args$query_string;
error_page 302 = @error_page_302;
}
location @error_page_302 {
rewrite_by_lua '
local _, _, upstream_http_location = string.find(ngx.var.upstream_http_location, "^http:/(.*)$")
ngx.header["zzzz"] = "/proxy-to" .. upstream_http_location
ngx.exec("/proxy-to" .. upstream_http_location);
';
}
}
</code>与上一次修改相比,区别仅仅在于增加了一个proxy_intercept_errors指令。测试结果如下:
<code>curl -I "http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L HTTP/1.1 302 Moved Temporarily Server: nginx/1.4.6 Date: Mon, 25 Aug 2014 15:05:54 GMT Content-Type: text/html Content-Length: 160 Connection: keep-alive zzzz: /proxy-to/183.61.140.24/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 </code>
这次更神奇了,直接返回一个302状态完事,也不继续跳转了。
问题出在,虽然第一次302,请求成功的进入到@error_page_302,但后续的error_page指令却没起作用。也就是说,error_page只检查了第一次后端返回的状态码,而没有继续检查后续的后端状态码。
查一下资料,这个时候,另一个指令 recursive_error_pages就派上用场了。
4. 第3次修改
<code>server {
listen 80;
proxy_intercept_errors on;
recursive_error_pages on;
location / {
rewrite_by_lua '
ngx.exec("/proxy-to" .. ngx.var.request_uri)
';
}
location ~ /proxy-to/([^/]+)(.*) {
proxy_pass http://$1$2$is_args$query_string;
error_page 302 = @error_page_302;
}
location @error_page_302 {
rewrite_by_lua '
local _, _, upstream_http_location = string.find(ngx.var.upstream_http_location, "^http:/(.*)$")
ngx.header["zzzz"] = "/proxy-to" .. upstream_http_location
ngx.exec("/proxy-to" .. upstream_http_location);
';
}
}
</code>与上一次相比,仅仅增加了recursive_error_pages on这条指令。测试结果如下:
<code>curl -I "http://192.168.109.128/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4" -L HTTP/1.1 200 OK Server: nginx/1.4.6 Date: Mon, 25 Aug 2014 15:09:04 GMT Content-Type: video/mp4 Content-Length: 3706468 Connection: keep-alive zzzz: /proxy-to/14.18.140.83/f48bad0100000000-1408984745-236096587/data6/flv.bn.netease.com/tvmrepo/2014/8/5/P/EA3I1J05P/SD/EA3I1J05P-mobile.mp4 Last-Modified: Mon, 25 Aug 2014 00:21:07 GMT Cache-Control: no-cache ETag: "53fa8173-388e64" NG: CHN-MM-4-3FE X-Mod-Name: Mvod-Server/4.3.3 Accept-Ranges: bytes </code>
可见,Nginx终于成功的返回200了。此时,Nginx才真正起到了一个Proxy的功能,隐藏了一个请求原本的多个302链路,只返回客户端一个最终结果。
5. 小结
综上,通过proxy_pass、error_page、proxy_intercept_errors、recursive_error_pages这几个指令的配合使用,可以向客户端隐藏一条请求的跳转细节,直接返回用户一个状态码为200的最终结果。
奇怪的是,在Nginx的官方wiki中并没有recursive_error_pages指令的相关说明。
本文出自:http://pureage.info/, 原文地址:http://pureage.info/2014/08/25/hiding-302-using-proxy-pass.html, 感谢原作者分享。
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
AI Hentai Generator
Generate AI Hentai for free.
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
Nginx Proxy Manager configuration analysis and optimization
Sep 26, 2023 am 09:24 AM
Overview of NginxProxyManager configuration analysis and optimization: NginxProxyManager is a reverse proxy management tool based on Nginx, which can help us easily configure and manage reverse proxy servers. In the process of using NginxProxyManager, we can improve the performance and security of the server by parsing and optimizing its configuration. Configuration analysis: Configuration file location and structure: NginxProxyManag
How to configure and use proxy protocol in nginx
May 18, 2023 am 08:47 AM
When proxyprotocol is used in nginx, we know that nginx is a web server and proxy server. It generally works behind proxyserver or load balancing software (Haproxy, Amazon Elastic LoadBalancer (ELB)). The client first requests proxyserver or LSB load balancing software, and then to nginx Perform real web access. Because it has gone through multiple layers of software, some client information such as IP address, port number, etc. may be hidden, which is detrimental to our problem analysis and data statistics. Because for nginx, We want to be able to get real clients
Deployment strategy of containers and microservices under Nginx Proxy Manager
Sep 27, 2023 pm 01:06 PM
The deployment strategy of containers and microservices under NginxProxyManager requires specific code examples. Summary: With the popularity of microservice architecture, containerization technology has become an important part of modern software development. In the microservice architecture, NginxProxyManager plays a very important role, used to manage and proxy the traffic of microservices. This article will introduce how to use NginxProxyManager to deploy and manage containerized microservices, and provide relevant code examples.
Nginx Proxy Manager Tutorial: Quick Start Guide
Sep 27, 2023 pm 05:39 PM
NginxProxyManager Tutorial: Quick Start Guide, Specific Code Examples Needed Introduction: With the development of network technology, proxy servers have become a part of our daily use of the Internet. NginxProxyManager is a proxy server management platform based on Nginx, which can help us quickly establish and manage proxy servers. This article will introduce you to the quick start guide of NginxProxyManager, as well as some specific code examples. one
How to use Nginx Proxy Manager to achieve load balancing of multiple servers
Sep 27, 2023 pm 09:42 PM
How to use NginxProxyManager to achieve load balancing of multiple servers. NginxProxyManager is a proxy server management tool developed based on Nginx. It provides a simple and easy-to-use Web interface that can easily configure and manage Nginx proxy servers. In practical applications, we often need to distribute requests to multiple servers to achieve load balancing and improve system performance and availability. This article will introduce how to use NginxProx
How to use Nginx Proxy Manager to quickly cache HTML pages
Sep 28, 2023 am 10:58 AM
How to use NginxProxyManager to achieve fast caching of HTML pages Introduction: In modern network applications, fast loading of web pages is an important requirement. In order to improve user experience, we can use NginxProxyManager to quickly cache HTML pages. This article will show you how to use NginxProxyManager to achieve this goal, and provide specific code examples. Part 1: Install and configure NginxProxy
Nginx Proxy Manager implements cache acceleration of HTTP requests
Sep 26, 2023 am 10:53 AM
NginxProxyManager is a tool for managing Nginx proxy servers. By using it, you can achieve cache acceleration of HTTP requests. The following will introduce in detail how to use NginxProxyManager to implement cache acceleration and provide specific code examples. 1. Install and configure NginxProxyManager Install NginxProxyManager: $npminstall-g@nginx
Nginx Proxy Manager Principles and Practice: The Key to Optimizing Website Performance
Sep 26, 2023 am 11:06 AM
NginxProxyManager Principle and Practice: The key to optimizing website performance, specific code examples are required Introduction: In today's Internet era, website performance is crucial to user experience and search engine optimization. In order to improve the performance of the website, an effective method is to use Nginx as a reverse proxy server to manage and distribute traffic. This article will introduce the principles and practices of NginxProxyManager and show how to optimize the website through NginxProxyManager
