Почему не правильно проксируется jira через nginx?

Question

[Yermek]

Всем привет! Имею следующую конфигурацию контейнера

docker-compose.yml

jira:
    container_name: jira-server
    image: "atlassian/jira-software:latest"
    restart: always
    volumes:
      - ./data/jiraVol:/var/atlassian/application-data/jira
    expose:
      - '8080'
    ports:
      - 8080:8080
    environment:
      TZ: "Asia/Almaty"
      ATL_PROXY_NAME: 'mc.dsdk.kz'
      ATL_PROXY_PORT: '443'
      ATL_TOMCAT_CONTEXTPATH: 'jira'
      ATL_TOMCAT_SECURE: 'true'
      ATL_TOMCAT_SCHEME: 'https'

и nginx (заимствовал отсюда)

nginx.conf

location /jira {
            proxy_pass http://jira-server:8080/jira;

            client_max_body_size 10m;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
        }

при обращении к https://myhost.kz/jira имею следующую картину:

'
Получается, что при получении страниц все Ок, при получении же ресурсов (css, js....) вылетает 404 ошибка. УРЛ-ы внутри формируются правильно (с префиксом jira)

скрин урлов

Судя по этим записям из логов nginx

логи nginx

2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/a7062527787f02b915ef4984d1a3d398-CDN/xca9zm/820000/1dlckms/c95955c3a0b2b5bb35a047ca6970ceb9/_/download/contextbatch/css/_super/batch.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/a7062527787f02b915ef4984d1a3d398-CDN/xca9zm/820000/1dlckms/c95955c3a0b2b5bb35a047ca6970ceb9/_/download/contextbatch/css/_super/batch.css HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"                                                                                                             
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/d1a815f1902448fce1ca17a73975006f-CDN/xca9zm/820000/1dlckms/579516e856ec5ec845312266fc2e6f6a/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,jira.dashboard,-_super/batch.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/d1a815f1902448fce1ca17a73975006f-CDN/xca9zm/820000/1dlckms/579516e856ec5ec845312266fc2e6f6a/_/download/contextbatch/css/atl.dashboard,jira.global,atl.general,jira.dashboard,-_super/batch.css?agile_global_admin_condition=true&jag=true HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"
2021/10/21 07:10:04 [error] 9#9: *539 open() "/var/www/html/jira/s/d41d8cd98f00b204e9800998ecf8427e-CDN/xca9zm/820000/1dlckms/3.0.4/_/download/batch/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component.css" failed (2: No such file or directory), client: 192.168.200.24, server: , request: "GET /jira/s/d41d8cd98f00b204e9800998ecf8427e-CDN/xca9zm/820000/1dlckms/3.0.4/_/download/batch/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component/com.atlassian.jira.jira-tzdetect-plugin:tzdetect-banner-component.css HTTP/2.0", host: "myhost.kz", referrer: "https://myhost.kz/jira/secure/Dashboard.jspa"

я подозреваю, что ресурсы отрабатывает какое то другое правило. Подскажите пожалуйста, что надо исправить в conf файле, что бы правильно разрулить маршруты (ресурсы отрабатывались корректным контейнером)

nginx-ssl.conf

# user  www-data;
worker_processes  1;

error_log  /var/log/nginx/error.log warn;
pid        /var/run/nginx.pid;

events {
    worker_connections  1024;
}

http {

    upstream backend {
        server app-server:9000;
    }


    include       /etc/nginx/mime.types;
    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  3600;

    map $http_host $this_host {
        "" $host;
        default $http_host;
    }

    map $http_x_forwarded_proto $the_scheme {
        default $http_x_forwarded_proto;
        "" $scheme;
    }

    map $http_x_forwarded_host $the_host {
        default $http_x_forwarded_host;
        "" $this_host;
    }

    server {
        listen 80;
        server_name myhost.kz;
        # server_tokens off;

        # windnow: changed to `location`
        # rewrite ^ https://$host$request_uri? permanent;

        location / {
            return 301 https://$host$request_uri;
        }

        location ~ ^/\.well-known/acme-challenge/ {
            root /var/www/certbot;
        }

        location ~ ^/GponForm/diag_Form {
                        return 444;
        }
    }

    server {
        listen 443 ssl http2;

        keepalive_timeout   3600;
        ssl_certificate /etc/nginx/certs/live/myhost.kz/fullchain.pem;
        ssl_certificate_key /etc/nginx/certs/live/myhost.kz/privkey.pem;
        include /etc/nginx/certs/options-ssl-nginx.conf;
        ssl_dhparam /etc/nginx/certs/ssl-dhparams.pem;

        # Add headers to serve security related headers
        add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        add_header X-Robots-Tag none;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header X-Download-Options noopen;
        add_header X-Permitted-Cross-Domain-Policies none;
        root /var/www/html;
        client_max_body_size 10G; # 0=unlimited - set max upload size
        fastcgi_buffers 128 8K;

        gzip off;

        index index.php;
        error_page 403 /core/templates/403.php;
        error_page 404 /core/templates/404.php;

        rewrite ^/.well-known/carddav /remote.php/dav/ permanent;
        rewrite ^/.well-known/caldav /remote.php/dav/ permanent;
        rewrite ^/.well-known/webfinger /public.php?service=webfinger last;

        location = /robots.txt {
            allow all;
            log_not_found off;
            access_log off;
        }

        location ~ ^/(build|tests|config|lib|3rdparty|templates|data)/ {
            deny all;
        }

        location ~ ^/(?:\.|autotest|occ|issue|indie|db_|console) {
            deny all;
        }

        location / {
            rewrite ^/remote/(.*) /remote.php last;
            rewrite ^(/core/doc/[^\/]+/)$ $1/index.html;
            try_files $uri $uri/ =404;
        }

        location ~* ^/ds-vpath/ {
            rewrite /ds-vpath/(.*) /$1  break;
            proxy_pass http://onlyoffice-document-server;
            proxy_redirect     off;

            client_max_body_size 100m;

            proxy_http_version 1.1;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";

            proxy_set_header Host $http_host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $the_host/ds-vpath;
            proxy_set_header X-Forwarded-Proto $the_scheme;
        }

        location /jira {
            proxy_pass http://jira-server:8080/jira;

            client_max_body_size 10m;

            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Host $host;
            proxy_set_header X-Forwarded-Server $host;
        }

        location ~ \.php(?:$|/) {
            fastcgi_split_path_info ^(.+\.php)(/.+)$;
            include fastcgi_params;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            fastcgi_param PATH_INFO $fastcgi_path_info;
            fastcgi_param HTTPS on;
            fastcgi_param modHeadersAvailable true; #Avoid sending the security headers twice
            fastcgi_pass backend;
            fastcgi_intercept_errors on;
            fastcgi_request_buffering off;
            fastcgi_read_timeout 3600;
        }

        # Adding the cache control header for js and css files
        # Make sure it is BELOW the location ~ \.php(?:$|/) { block
        location ~* \.(?:css|js)$ {
            add_header Cache-Control "public, max-age=15778463";
            # Add headers to serve security related headers
            add_header Referrer-Policy "no-referrer" always;
            add_header Strict-Transport-Security "max-age=15768000; includeSubDomains; preload;";
            add_header X-Content-Type-Options nosniff;
            add_header X-Robots-Tag none;
            add_header X-Frame-Options "SAMEORIGIN" always;
            add_header X-Download-Options noopen;
            add_header X-Permitted-Cross-Domain-Policies none;
            add_header X-XSS-Protection "1; mode=block" always;
            # Optional: Don't log access to assets
            access_log off;
        }

        # Optional: Don't log access to other assets
        location ~* \.(?:jpg|jpeg|gif|bmp|ico|png|swf)$ {
            access_log off;
        }

        location ~ ^/GponForm/diag_Form {
                        return 444;
        }
    }
}

Comments

[dodo512]

Запросы к css, js попадают не в location /jira, а в location ~* \.(?:css|js)$
Можно повысить приоритет location /jira добавлением ^~.

location ^~ /jira {

[Yermek]

dodo512, спасибо, помогло. А как это читается? "Начало с учетом регистра /jira" - так?
И почему это повысило приоритет, и не отключило обработку ресурсов основными контейнером?

Если Вам не сложно, подскажите пожалуйста, как nginx интерпретировал до исправления эти настройки, и как после

[dodo512]

Если у совпавшего префиксного location’а максимальной длины указан модификатор “^~”, то регулярные выражения не проверяются.

Yermek, про очерёдность проверки location можно почитать в документации.

location ~^/jira тут ^ часть регулярного выражения.
location ^~/jira а тут уже не регулярное выражение, а обычный префиксный location и модификатор ^~