Nginx反向代理到URI上的Wordpress

Question

我有一个在Nginx服务器上运行的Symfony 2.5.X应用程序。 我将其称为domain.com 。

该服务器中的/ news URI被配置为远程计算机的反向代理，在该计算机上我再次在nginx服务器上运行Wordpress博客。 我将其称为blog.domain.com 。

domain.com的配置如下所示：

server {
  listen 80;
  server_name domain.com;

  set $project_path /home/webserver/prod.domain.com;
  root $project_path/web;

  error_log /home/webserver/prod.domain.com/app/logs/nginx_error.log;
  access_log /home/webserver/prod.domain.com/app/logs/nginx_access.log;

  charset utf-8;
  client_max_body_size 65m;

  # Some extra speed
  open_file_cache max=1000 inactive=20s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  # Reverse-proxy all /news calls to remote machine
  location ~ /news?(.*) {

    access_log off;

    proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
    proxy_set_header        Host                    blog.domain.com;  # without it it doesn't work
    #proxy_set_header        Host                    $http_host;
    proxy_set_header        X-Real-IP               $remote_addr;
    proxy_set_header        X-Forwarded-For         $proxy_add_x_forwarded_for;
    proxy_set_header        X-Forwarded-Proto       http;
    proxy_set_header        X-Custom-Secret         6ffe3dba7213c678324a101827aa3cf22c;

    proxy_redirect          off;
    proxy_buffering         off;
    #proxy_intercept_errors  on;

    proxy_pass http://blog.domain.com:80;
    break;
  }
  # Default URLs
  location / {
    try_files $uri /app.php$is_args$args;
  }

  # Error pages (static)
  #error_page 403                 /errorpages/403.html;
  error_page 404                  /errorpages/404.html;
  #error_page 405                 /errorpages/405.html;
  error_page 500 501 502 503 504  /errorpages/5xx.html;

  # Don't log garbage, add some browser caching
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off;
    log_not_found off;
    expires max;
    add_header Pragma "public";
    add_header Cache-Control "public, must-revalidate, proxy-revalidate";
    try_files $uri /app.php?$query_string;
  }
  location ~* ^.+\.(css|js)$ {
    expires modified +1m;
    add_header Pragma "private";
    add_header Cache-Control "private";
    etag on;
    try_files $uri /app.php?$query_string;
  }
  location = /robots.txt {
    allow all;
    access_log off;
    log_not_found off;
  }

  # Disallow .htaccess, .htpasswd and .git
  location ~ /\.(ht|git) {
    deny all;
  }

  # Parse PHP
  location ~ ^/(app|app_dev|config)\.php(/|$) {
    include                 fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param           SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_param           HTTPS           off;
    fastcgi_pass            php;
  }
}

blog.domain.com的配置如下所示：

server {
  listen 80;
  server_name blog.domain.com;

  root  /home/webserver-blog/news;

  access_log    /home/webserver-blog/logs/http_access.log;
  error_log     /home/webserver-blog/logs/http_error.log;

  charset utf-8;
  client_max_body_size 65m;

  # Some extra speed
  open_file_cache max=1000 inactive=20s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  # Default URLs
  location / {
    # This never gets parsed as / is reserved for our main server
  }
  location ~* ^/news/(wp-content|wp-admin) {  # without this directive I didn't have any static files
    root /home/webserver-topblog/;
  }
  location ~* ^/news {
    try_files $uri $uri/ /index.php?args;
  }

  # Don't log garbage
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off;
    log_not_found off;
    expires max;
  }
  location = /robots.txt {
    allow all;
    access_log off;
    log_not_found off;
  }

  # Disallow .htaccess or .htpasswd
  location ~ /\.ht {
    deny all;
  }

  # Disallow logs
  location ~ ^/logs/.*\.(log|txt)$ {
    deny all;
  }

  # Parse PHP
  location ~ \.php$ {
      #if (!-e $request_filename) { rewrite / /index.php last; }
      try_files $uri =404;

      include        fastcgi_params;
      fastcgi_index  index.php;
      fastcgi_param  SCRIPT_FILENAME  $document_root$fastcgi_script_name;
      fastcgi_pass   php;
  }
}

如您所知，我的Wordpress位于/home/webserver-blog/news/ 。 我在Wordpress中有一个稍微修改的index.php文件，用于检查X-Custom-Secret标头，如果不存在（或无效），它将强制301重定向到domain.com/news/

现在，我尝试了几种不同的方法来使其正常运行。

• 首先（也是最明显的）是将blog.domain.com的root指向/home/webserver-blog/并允许nginx自然地将请求URI传递到子目录/news 。 这工作得很好，但是它不允许我利用Wordpress的永久链接，而只能使用查询字符串。 它产生的其他奇怪行为是，如果您调用/news而不加斜杠，则实际上是在HTTP重定向中公开blog.domain.com 。 我的自定义index.php迅速处理了这些重定向，但我仍然想避免完全暴露blog.domain.com 。
• 第二种（也是当前的方法）再次将blog.domain.com的root直接指向Wordpress的目录/home/webserver-blog/news/并欺骗所有对location ~* ^/news/(wp-content|wp-admin)静态文件的请求。 location ~* ^/news/(wp-content|wp-admin)指令将其根目录向上一级。 这个工作对两个固定链接和静态文件，但再次- /news/wp-login.php给了我无限重定向到自身 ，和/news/wp-admin/实际下载的，而不是分析它的index.php文件（将其作为application/octet-stream ）

我完全没有主意...任何帮助将不胜感激。

Answer 1

我想我设法提供了一个一般的解决方案。 远非完美或干净，但是...很好，它可行。

blog.domain.com的配置：

server {
  listen 80;
  server_name blog.domain.com;

  root  /home/webserver-blog;

  access_log    /home/webserver-blog/logs/http_access.log;
  error_log     /home/webserver-blog/logs/http_error.log;

  charset utf-8;
  client_max_body_size 65m;

  # Some extra speed
  open_file_cache max=1000 inactive=20s;
  open_file_cache_valid 30s;
  open_file_cache_min_uses 2;
  open_file_cache_errors on;

  # Default URLs
  location ~* ^/news$ {
    rewrite ^ $scheme://domain.com/news/ permanent;   # ** HARDCODED production url
    break;
  }
  location / {
    try_files $uri $uri/ @redir;
  }
  location @redir {
    rewrite ^/news/(.*)$ /news/index.php?$1 last;
  }

  # Don't log garbage
  location ~* ^.+\.(ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|rss|atom|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
    access_log off;
    log_not_found off;
    expires max;
  }
  location = /robots.txt {
    allow all;
    access_log off;
    log_not_found off;
  }

  # Disallow .htaccess or .htpasswd
  location ~ /\.ht {
    deny all;
  }

  # Disallow logs
  location ~ ^/logs/.*\.(log|txt)$ {
    deny all;
  }

  # Parse PHP
  location ~ \.php$ {
    include                 fastcgi_params;
    fastcgi_split_path_info ^(.+\.php)(/.*)$;
    fastcgi_param           SCRIPT_FILENAME  $document_root$fastcgi_script_name;
    fastcgi_param           HTTPS           off;
    fastcgi_pass            php;
  }
}

因此，诀窍是我仍然在文件系统目录上运行，而不是一味地进行全方位的重写和重定向。 news/仍然是文件系统中的物理目录，可通过nginx的location /指令读取该目录。 以前在尝试不加斜杠的情况下公开blog.domain.com域的问题似乎是本机nginx的行为-它看到一个目录，在末尾添加一个斜杠； 并且由于它的server_name设置为blog.domain.com ，所以我们开始。 对生产URL进行硬编码并将该规则放在首位几乎可以解决该问题。

@redir位置再次很好地启用了Wordpress的永久链接。

我在整个设置中添加的另一项功能是防止人形直接在http：// blog.domain.com /上进行，这是另一个index.php文件，该文件直接存储在/home/webserver-blog/ ：

<?php
/*
 * domain.com redirector
 */
$production = 'http://domain.com/news/';

// Redirect nicely
if(isset($_SERVER['REQUEST_URI']) and $_SERVER['REQUEST_URI'] !== '/') {

  $target = sprintf('%s%s', $production, preg_replace('/^\//', null, $_SERVER['REQUEST_URI']));
  header('Location: ' . $target);
}
else header('Location: ' . $production);

...并且，如前所述，在Wordpress的原始index.php上还有几行：

<?php
/*
 *  wordpress loader
 */
$production = 'http://domain.com/news/';

// Allow only reverse-proxied requests
if(!isset($_SERVER['HTTP_X_CUSTOM_SECRET']) or $_SERVER['HTTP_X_CUSTOM_SECRET'] !== md5('your-md5encoded-text-in-proxy_set_header-X-Custom-Secret')) {
  die(header('Location: ' . $production));
}
require_once dirname(__FILE__) . '/index-wp-org.php';

丑陋的...但是有效。 我仍然很高兴听到更好的解决方案。 :)