我有两个docker容器需要相互通信。一个是一个用于前端的NGINX容器,需要与另一个容器中的弹簧后端通信。沟通在Docker外运行时正常工作,但是当我对项目进行扩展时,尝试将任何请求从前端发送到后端时会收到以下错误:
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
来自Spring的Spricthttpfirewall。
nginx.conf
load_module "modules/ngx_http_perl_module.so";
env HELIUM_LOCATION;
http {
perl_set $helium_location 'sub { return $ENV{"HELIUM_LOCATION"}; }';
server {
listen 8000;
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
client_max_body_size 10M;
location /api {
rewrite ^/api(.*) /$1 break;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Prefix /api;
proxy_pass http://$helium_location;
}
location /health {
default_type application/json;
return 200 '{"status": "UP"}';
}
location / {
try_files $uri $uri/ /index.html;
}
}
}
Spring Boot版本为2.1,Nginx容器为Nginx:1.11.8-Alpine。使用Spring Boot 1.5.7时,这有效。
如果还有其他任何信息有助于解决此问题,请告诉我,我会尽力为您获得它。谢谢!
来自春季框架文档
例如,它可以包含路径 - 传播序列(例如/../)或 多个前向斜线(//)也可能导致模式匹配 失败。
您正在使用此重写
添加额外的斜线location /api {
rewrite ^/api(.*) /$1 break;
...
}
在日志上,我可以看到此
127.0.0.1 - - [06/Mar/2019:16:22:15 +0000] "GET //something HTTP/1.0" 200 612 "-" "curl/7.52.1"
172.17.0.1 - - [06/Mar/2019:16:22:15 +0000] "GET /api/something HTTP/1.1" 200 612 "-" "curl/7.52.1"
将其更改为
rewrite ^/api(.*) $1 break;
您可以通过nginx -s reload
现在没有准备额外的斜线
127.0.0.1 - - [06/Mar/2019:16:27:22 +0000] "GET /something HTTP/1.0" 200 612 "-" "curl/7.52.1"
172.17.0.1 - - [06/Mar/2019:16:27:22 +0000] "GET /api/something HTTP/1.1" 200 612 "-" "curl/7.52.1"