RT。第二层代理解决连通性问题,第一层代理缓存解决速度问题:
针对代理gravatar.com的302调整,需要在第二层nginx代理中配置proxy_redirect https://secure.gravtar.com /avatar/;
同理,第一层nginx代理中需要配置proxy_redirect https://B.xyz /avatar/;(假设第二层代理的server块为B.xyz)
最后还需要注意一下缓存问题。
最后附上完整配置:
第二层代理(解决连通性问题):
server {
listen 80;
server_name B.xyz;
rewrite ^(.*) https://B.xyz$1;
}
server {
listen 443 ssl;
server_name B.xyz;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
#ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
#https证书配置
include ssl/https.conf;
location ~ ^/avatar/([a-fA-F0-9]+)$ {
set $hash $1;
# 强制使用ipv4(如果不设置似乎默认返回ipv6的地址,但该层服务区不支持ipv6网络……)
resolver 8.8.8.8 ipv6=off;
resolver_timeout 10s;
# 模拟真实浏览器的请求头(加一层“烟雾弹”避免强制跳转到www.gravatar.com)
proxy_set_header User-Agent "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/91.0.4472.124 Safari/537.36";
proxy_set_header Accept "image/webp,image/apng,image/*,*/*;q=0.8";
proxy_set_header Accept-Language "en-US,en;q=0.9";
proxy_set_header Accept-Encoding "gzip, deflate, br";
proxy_set_header Referer "https://wordpress.org/";
proxy_set_header DNT "1";
proxy_set_header Connection "keep-alive";
proxy_set_header Sec-Fetch-Dest "image";
proxy_set_header Sec-Fetch-Mode "no-cors";
proxy_set_header Sec-Fetch-Site "cross-site";
# 向源站传送主机头、客户端真实 IP 等特定信息。
proxy_set_header Host secure.gravatar.com;
# 处理参数,带默认值(这里是自定义的参数)
set $size "32";
if ($arg_s ~* "^\d+$") {
set $size $arg_s;
}
proxy_pass https://secure.gravatar.com/avatar/$hash?s=$size;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
# 处理重定向 - 关键!
proxy_redirect https://secure.gravatar.com/ /avatar/;
# 指定缓存使用的空间。
proxy_cache gravatar;
# 指定缓存使用的 key 值,方便定位清除缓存。
proxy_cache_key $scheme$host$request_uri;
add_header X-Cache-Status $upstream_cache_status;
# 指定对 200、301 或者 302 等有效代码缓存的时间长度,特定参数 any 表示对任何响应都缓存一定时间长>度。
proxy_cache_valid 200 304 7d;
proxy_cache_valid 301 24h;
proxy_cache_valid 500 502 503 504 0s;
proxy_cache_valid any 1d;
# 超时设置
proxy_connect_timeout 5s;
proxy_read_timeout 5s;
}
}第一层代理(解决速度问题):
server {
listen 80;
server_name A.xyz;
rewrite ^(.*) https://A.xyz$1;
}
server {
listen 443 ssl;
server_name A.xyz;
ssl_protocols TLSv1.2;
ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA:ECDHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES256-SHA:ECDHE-ECDSA-DES-CBC3-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:DES-CBC3-SHA:!DSS';
add_header Strict-Transport-Security "max-age=63072000; includeSubdomains; preload";
ssl_prefer_server_ciphers on;
ssl_session_timeout 10m;
#ssl_session_cache builtin:1000 shared:SSL:10m;
ssl_buffer_size 1400;
#https证书配置
include ssl/https.conf;
location /avatar/ {
# 向源站传送主机头、客户端真实 IP 等特定信息。
proxy_set_header Host B.xyz;#注意这里需要明确配置到第二层代理的server块B.xyz,否则很可能会去访问ip进而404
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Accept-Encoding "";
proxy_pass https://B.xyz:443;
proxy_redirect https://B.xyz/ /avatar/;
# 指定缓存使用的空间。
proxy_cache avatar;
# 指定缓存使用的 key 值,方便定位清除缓存。
proxy_cache_key $scheme$host$request_uri;
# 指定对 200、301 或者 302 等有效代码缓存的时间长度,特定参数 any 表示对任何响应都缓存一定时间长度。
proxy_cache_valid 200 304 7d;
proxy_cache_valid 301 24h;
proxy_cache_valid 500 502 503 504 0s;
proxy_cache_valid any 1d;
}
}此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。