A question about Nginx configuration

2022-05-07 15:16:23 +08:00
 wrebjmns

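Background:

  1. A Let's Encrypt certificate has been issued
  2. The vaultwarden/server Docker container is running

Requirements:

  1. When visiting my_domain.com or www.my_domain.com, serve the corresponding index.html
  2. When visiting bitwarden.my_domain.com, show the corresponding self-hosted bitwarden service

Problem encountered: requirement 1 works; requirement 2 shows an error page with status code 502

Code: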

```
# etc/nginx/sites-available/my_domain.com

server {
    root /var/www/my_domain.com/html;
    index index.html index.htm index.nginx-debian.html;

    server_name my_domain.com www.my_domain.com;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my_domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my_domain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = www.my_domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = my_domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80;
    listen [::]:80;

    server_name my_domain.com www.my_domain.com;
    return 404; # managed by Certbot
}

server {
    listen 443 ssl http2;
    server_name bitwarden.my_domain.com;

    # Specify SSL config if using a shared one.
    #include conf.d/ssl/ssl.conf;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    # Allow large attachments
    client_max_body_size 128M;

    location / {
        proxy_pass http://127.0.0.1:8087;
        proxy_http_version    1.1;
        proxy_cache_bypass    $http_upgrade;
        proxy_set_header Upgrade            $http_upgrade;
        proxy_set_header Connection         "upgrade";
        proxy_set_header Host               $host;
        proxy_set_header X-Real-IP          $remote_addr;
        proxy_set_header X-Forwarded-For    $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto  $scheme;
        proxy_set_header X-Forwarded-Host   $host;
        proxy_set_header X-Forwarded-Port   $server_port;
    }

    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:8087;
    }

    location /admin {
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_pass http://127.0.0.1:8087;
    }
}
```
6 replies
codefever
2022-05-07 15:23:36 +08:00
With Nginx's proxy_pass, you can intercept the errors and HTTP headers generated by the backend
seers
2022-05-07 15:44:41 +08:00
Can you access https://bitwarden directly? It looks like port 80 has no redirect set up for this subdomain
wrebjmns
2022-05-07 15:54:58 +08:00
@seers No, it can't be accessed
cccer
2022-05-07 15:59:26 +08:00
proxy_set_header Upgrade and proxy_set_header Connection only need to be configured when proxying ws; ordinary http requests don't need them. Of the three paths, only /notifications/hub is a ws service.

My configuration
```
location / {
    proxy_pass http://vaultwarden-default;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}

location /notifications/hub {
    proxy_pass http://vaultwarden-ws;

    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection $http_connection;
    proxy_set_header X-Real-IP $remote_addr;
}

location /notifications/hub/negotiate {
    proxy_pass http://vaultwarden-default;

    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
}
```
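
The point made in the reply above, applied to the server block and ports from the original post, as an added example that is not part of the thread or of the vaultwarden project's documentation: WebSocket headers are sent only on /notifications/hub, and that location also sets HTTP/1.1, which nginx needs for the upgrade handshake. It assumes the certificate under /etc/letsencrypt/live/my_domain.com/ also covers bitwarden.my_domain.com, that the container publishes 8087 (HTTP) and 3012 (WebSocket) on 127.0.0.1, and that the site file is included inside the `http` context so the `map` block is valid there.

```nginx
# Added example, not from the thread. The map belongs in the http {} context
# and sends "Connection: upgrade" only when the client asked to upgrade.
map $http_upgrade $connection_upgrade {
    default upgrade;
    ''      close;
}

server {
    listen 443 ssl http2;
    server_name bitwarden.my_domain.com;

    # Assumption: this certificate also covers bitwarden.my_domain.com.
    ssl_certificate     /etc/letsencrypt/live/my_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/my_domain.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;

    client_max_body_size 128M;

    # Plain HTTP traffic (web vault, API, /admin): no Upgrade/Connection headers.
    location / {
        proxy_pass http://127.0.0.1:8087;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    # The only WebSocket endpoint; proxy_http_version defaults to 1.0.
    location /notifications/hub {
        proxy_pass http://127.0.0.1:3012;
        proxy_http_version 1.1;
        proxy_set_header Upgrade    $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header Host       $host;
        proxy_set_header X-Real-IP  $remote_addr;
    }

    # Negotiation is an ordinary HTTP request to the main service.
    location /notifications/hub/negotiate {
        proxy_pass http://127.0.0.1:8087;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```

A 502 is returned when nginx gets no valid response from the upstream, so after `nginx -t` and a reload, nginx's error log and a check that something is listening on 127.0.0.1:8087 show whether the proxy or the container is at fault.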
wrebjmns
2022-05-07 16:59:53 +08:00
@cccer I configured it following https://www.colinliu.cn/posts/26. He enabled WS there
amrnxcdt
2022-05-07 18:26:11 +08:00
Take a look at the official example configuration; ws is not enabled for the web interface

https://github.com/dani-garcia/vaultwarden/wiki/Proxy-examples
