我有两个需要相互通信的docker容器。一个是前端的nginx容器,需要在另一个容器中与Spring后端进行通信。在Docker外部运行时,通信可以正常工作,但是当我对项目进行dockerize时,尝试从前端向后端发送任何请求时出现以下错误:
org.springframework.security.web.firewall.RequestRejectedException: The request was rejected because the URL was not normalized.
来自Spring的StrictHttpFirewall。
nginx.conf
load_module "modules/ngx_http_perl_module.so";
env HELIUM_LOCATION;
http {
perl_set $helium_location 'sub { return $ENV{"HELIUM_LOCATION"}; }';
server {
listen 8000;
root /usr/share/nginx/html;
include /etc/nginx/mime.types;
client_max_body_size 10M;
location /api {
rewrite ^/api(.*) /$1 break;
proxy_set_header X-Forwarded-Host $host:$server_port;
proxy_set_header X-Forwarded-Prefix /api;
proxy_pass http://$helium_location;
}
location /health {
default_type application/json;
return 200 '{"status": "UP"}';
}
location / {
try_files $uri $uri/ /index.html;
}
}
}
Spring引导版本为2.1,nginx容器为nginx:1.11.8-alpine。使用Spring Boot 1.5.7时此方法有效,因此Spring处理这些请求的方式有什么变化吗?
如果还有其他有助于解决此问题的信息,请告诉我,我们将尽力为您服务。谢谢!
答案 0 :(得分:1)
来自Spring Framework Documentation
例如,它可以包含路径遍历序列(例如/../)或 多个正斜杠(//),也可能导致模式匹配 失败。
您通过此重写添加了一个斜杠
location /api {
rewrite ^/api(.*) /$1 break;
...
}
在日志上,我可以看到
127.0.0.1 - - [06/Mar/2019:16:22:15 +0000] "GET //something HTTP/1.0" 200 612 "-" "curl/7.52.1"
172.17.0.1 - - [06/Mar/2019:16:22:15 +0000] "GET /api/something HTTP/1.1" 200 612 "-" "curl/7.52.1"
将其更改为
rewrite ^/api(.*) $1 break;
您可以通过执行nginx -s reload
现在不再加斜杠
127.0.0.1 - - [06/Mar/2019:16:27:22 +0000] "GET /something HTTP/1.0" 200 612 "-" "curl/7.52.1"
172.17.0.1 - - [06/Mar/2019:16:27:22 +0000] "GET /api/something HTTP/1.1" 200 612 "-" "curl/7.52.1"