Nginx、Php-Fpm、および APC を使用して新しいサーバーをセットアップしました。また、外部の Varnish Cache と MySQL データベースを使用しています。
その設定で作業しているため、拡張機能の 1 つが機能しなくなりました。バックエンドでアクセスしようとすると、Magento からログアウトされ、magento 管理者ログインにリダイレクトされます。
これが私のNginx confです:
1.) nginx.conf
user nginx;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request "'
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
autoindex off;
map $scheme $fastcgi_https { ## Detect when HTTPS is used
default off;
https on;
}
keepalive_timeout 10;
gzip on;
gzip_comp_level 2;
gzip_proxied any;
gzip_types text/plain text/html text/css application/x-javascript text/xml application/xml application/xml+rss text/javascript;
# Load config files from the /etc/nginx/conf.d directory
include /etc/nginx/conf.d/*.conf;
2.) domain.conf
server {
listen 8080;
server_name domain.de;
rewrite / $scheme://www.$host$request_uri permanent; ## Forcibly prepend a www
}
server {
listen 8080 default;
# SSL directives might go here
server_name www.domain.de *.domain.de; ## Domain is here twice so server_name_in_redirect will favour the www
root /var/www/html;
location / {
index index.html index.php; ## Allow a static html file to be shown first
try_files $uri $uri/ @handler; ## If missing pass the URI to Magento's front handler
expires 30d; ## Assume all files are cachable
}
## These locations would be hidden by .htaccess normally
# location ^~ /app/ { deny all; }
# location ^~ /includes/ { deny all; }
# location ^~ /lib/ { deny all; }
# location ^~ /media/downloadable/ { deny all; }
# location ^~ /pkginfo/ { deny all; }
# location ^~ /report/config.xml { deny all; }
# location ^~ /var/ { deny all; }
location /var/export/ { ## Allow admins only to view export folder
auth_basic "Restricted"; ## Message shown in login window
auth_basic_user_file htpasswd; ## See /etc/nginx/htpassword
autoindex on;
}
location /. { ## Disable .htaccess and other hidden files
return 404;
}
location @handler { ## Magento uses a common front handler
rewrite / /index.php;
}
location ~ .php/ { ## Forward paths like /js/index.php/x.js to relevant handler
rewrite ^(.*.php)/ $1 last;
}
location ~ .php$ { ## Execute PHP scripts
if (!-e $request_filename) { rewrite / /index.php last; } ## Catch 404s that try_files miss
expires off; ## Do not cache dynamic content
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_param HTTPS $fastcgi_https;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_param MAGE_RUN_CODE default;
fastcgi_param MAGE_RUN_TYPE store;
include fastcgi_params; ## See /etc/nginx/fastcgi_params
}
}
nginx エラー ログには次のように表示されます。
2013/05/27 21:07:01 [エラー] 18489#0: *4 アクセスはルールにより禁止されています, クライアント: 54.xxx.x.xx, サーバー: www.domain.de, リクエスト: "POST /app/etc /local.xml HTTP/1.1"、ホスト: "www.domain.de"
どこかでアクセスを制限しているようです。私はすでにこれを変更しました:
## These locations would be hidden by .htaccess normally
# location ^~ /app/ { deny all; }
# location ^~ /includes/ { deny all; }
# location ^~ /lib/ { deny all; }
# location ^~ /media/downloadable/ { deny all; }
# location ^~ /pkginfo/ { deny all; }
# location ^~ /report/config.xml { deny all; }
# location ^~ /var/ { deny all; }
私はこれについて頭を悩ませています。誰かが私にどこを見るべきかのヒントを持っていますか?
前もって感謝します!
編集1:
私にはどこかで混同されているようです。listen を削除すると: 8080; できます!Varnish Server (on:80) は、ページに入ろうとするたびにエラー メッセージを出します (セットアップは通常 ELB - Varnish - Nginx です) が、基本的には拡張機能にアクセスできます。Varnish が何らかの方法でリダイレクトすることは可能ですか?
これは default.vcl です。
#
backend default {
.host = "xx.xxx.xxx.xx";
.port = "8080"; # We will then configure apache to listen to port 8080
}
acl trusted {
"127.0.0.1";
"127.0.1.1";
"xx.xxx.xxx.xx";
# Add other ips that are allowed to purge cache
}
#
# http://www.varnish-cache.org/docs/2.1/tutorial/vcl.html#vcl-recv
# @param req Request object
sub vcl_recv {
if (req.http.x-forwarded-for) {
set req.http.X-Forwarded-For = req.http.X-Forwarded-For+","+client.ip;
}
else {
set req.http.X-Forwarded-For = client.ip;
}
if (req.request == "PURGE") {
# Allow requests from trusted IPs to purge the cache
if (!client.ip ~ trusted) {
error 405 "Not allowed.";
}
ban("req.url ~ " + req.url);
error 200 "Ok"; #We don't go to backend
#return(lookup); # @see vcl_hit
}
if (req.request != "GET" &&
req.request != "HEAD" &&
req.request != "PUT" &&
req.request != "POST" &&
req.request != "TRACE" &&
req.request != "OPTIONS" &&
req.request != "DELETE") {
/* Non-RFC2616 or CONNECT which is weird. */
return (pipe);
}
# Cache only GET or HEAD requests
if (req.request != "GET" && req.request != "HEAD") {
/* We only deal with GET and HEAD by default */
return (pass);
}
# parse accept encoding rulesets to normalize
if (req.http.Accept-Encoding) {
if (req.http.Accept-Encoding ~ "gzip") {
set req.http.Accept-Encoding = "gzip";
} elsif (req.http.Accept-Encoding ~ "deflate") {
set req.http.Accept-Encoding = "deflate";
} else {
# unkown algorithm
remove req.http.Accept-Encoding;
}
}
# Rules for static files
if (req.url ~ "\.(jpeg|jpg|png|gif|ico|swf|js|css|gz|rar|txt|bzip|pdf)(\?.*|)$") {
set req.http.staticmarker = "1";
unset req.http.Cookie;
return (lookup);
}
# Don't cache pages for Magento Admin
# change this rule if you use custom url in admin
if (req.url ~ "^/(index.php/)?admin") {
return(pass);
}
# Don't cache checkout/customer pages, product compare
if (req.url ~ "^/(index.php/)?(checkout|customer|catalog/product_compare|wishlist)") {
return(pass);
}
# Don't cache till session end
if (req.http.cookie ~ "nocache_stable") {
return(pass);
}
# Unique identifier witch tell Varnish use cache or not
if (req.http.cookie ~ "nocache") {
return(pass);
}
# Remove cookie
unset req.http.Cookie;
set req.http.magicmarker = "1"; #Instruct varnish to remove cache headers received from backend
return(lookup);
}
sub vcl_pipe {
# # Note that only the first request to the backend will have
# # X-Forwarded-For set. If you use X-Forwarded-For and want to
# # have it set for all requests, make sure to have:
# # set req.http.connection = "close";
# # here. It is not set by default as it might break some broken web
# # applications, like IIS with NTLM authentication.
return (pipe);
}
#sub vcl_pass {
# return (pass);
#}
#sub vcl_hash {
# set req.hash += req.url;
# if (req.http.host) {
# set req.hash += req.http.host;
# } else {
# set req.hash += server.ip;
# }
# return (hash);
# }
# Called after a cache lookup if the req. document was found in the cache.
sub vcl_hit {
if (req.request == "PURGE") {
ban_url(req.url);
error 200 "Purged";
}
if (!(obj.ttl > 0s)) {
return (pass);
}
return (deliver);
}
# Called after a cache lookup and odc was not found in cache.
sub vcl_miss {
if (req.request == "PURGE"){
error 200 "Not in cache";
}
return (fetch);
}
# Called after document was retreived from backend
# @var req Request object.
# @var beresp Backend response (contains HTTP headers from backend)
sub vcl_fetch {
set req.grace = 30s;
# Current response should not be cached
if(beresp.http.Set-Cookie ~ "nocache=1") {
return (deliver);
}
# Flag set when we want to delete cache headers received from backend
if (req.http.magicmarker){
unset beresp.http.magicmarker;
unset beresp.http.Cache-Control;
unset beresp.http.Expires;
unset beresp.http.Pragma;
unset beresp.http.Cache;
unset beresp.http.Server;
unset beresp.http.Set-Cookie;
unset beresp.http.Age;
# default ttl for pages
set beresp.ttl = 1d;
}
if (req.http.staticmarker) {
set beresp.ttl = 30d; # static file cache expires in 30 days
unset beresp.http.staticmarker;
unset beresp.http.ETag; # Removes Etag in case we have multiple frontends
}
return (deliver);
}
# Called after a cached document is delivered to the client.
sub vcl_deliver {
if (obj.hits > 0) {
set resp.http.X-Cache = "HIT ("+obj.hits+")";
} else {
set resp.http.X-Cache = "MISS";
# set resp.http.X-Cache-Hash = obj.http.hash;
}
return (deliver);
}