
Node js + Nginx + Amazon Linux + SSL

I have a node js application running on an AWS Linux server with ssl. I wanted to implement nginx to the same. I googled it and read that if I implement ssl in nginx then the node application runs on http. So I configured the nginx conf as follows and ran the node js application with normal http server:

listen              443 ssl;
server_name         myserver.com;
ssl_certificate     myserver.chained.crt;
ssl_certificate_key myserver.key;
ssl_client_certificate myserver.crt;
ssl_verify_client optional;
location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header VERIFIED $ssl_client_verify;
    proxy_set_header DN $ssl_client_s_dn;
    proxy_pass http://127.0.0.1:3000;
}

Now the application is running on http as well as https. I want the nginx to be implemented and through ssl and the application to run only on https. Is my approach right and what am I missing?

I see you have the application running on port 3000, what you will want to do so that it only runs on https is to block all requests on port 3000 to the server (using a firewall or security group rules in AWS), and for every request on port 80 you will want to redirect them to the https version (port 443). Something like this:

server {
    listen         80;
    server_name    my.domain.com;
    return         301 https://$server_name$request_uri;
}

I found the above rule in this answer on serverfault.
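A sketch of the backend side of this setup, added here as an example and not taken from either poster: the Node process binds to loopback only and accepts the VERIFIED and DN headers from the question's config only when the connection comes from nginx on the same host. The function names, the START_SERVER switch and the 403 policy are assumptions of this example.

```javascript
// Added example (not from the original posts). Header names VERIFIED and DN
// and port 3000 come from the nginx config in the question; the rest is assumed.
const LOOPBACK = new Set(['127.0.0.1', '::1', '::ffff:127.0.0.1']);

// Decide whether the client-certificate headers on a request can be trusted.
// Returns { verified: boolean, dn: string|null, reason: string }.
function clientCertIdentity(req) {
  // Only nginx on this host may vouch for a client certificate. A request
  // that reaches port 3000 from anywhere else can set VERIFIED itself.
  if (!LOOPBACK.has(req.socket.remoteAddress)) {
    return { verified: false, dn: null, reason: 'not-from-proxy' };
  }
  // With "ssl_verify_client optional", $ssl_client_verify is NONE when no
  // certificate was sent, SUCCESS when it validated, FAILED:<why> otherwise.
  const status = req.headers['verified']; // Node lowercases header names
  if (status !== 'SUCCESS') {
    return { verified: false, dn: null, reason: String(status || 'NONE') };
  }
  const dn = req.headers['dn'];
  if (typeof dn !== 'string' || dn.length === 0) {
    return { verified: false, dn: null, reason: 'missing-dn' };
  }
  return { verified: true, dn, reason: 'ok' };
}

// Plain-HTTP server bound to loopback only, so it stays unreachable from the
// network even if a security group rule for port 3000 is opened by mistake.
async function start(port = 3000) {
  const http = await import('node:http'); // works from CommonJS and ESM
  const server = http.createServer((req, res) => {
    const id = clientCertIdentity(req);
    // Example policy: require a verified client certificate for every route.
    res.writeHead(id.verified ? 200 : 403, { 'Content-Type': 'text/plain' });
    res.end(id.verified ? `hello ${id.dn}\n` : `denied: ${id.reason}\n`);
  });
  server.listen(port, '127.0.0.1');
  return server;
}

// Constructed switch for this example: START_SERVER=1 node app.js
if (process.env.START_SERVER === '1') start();
```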

upstream app {
    server 127.0.0.1:3000;
}

server {
    listen 80;
    listen 443 ssl;

    server_name www.example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    client_header_buffer_size 64k;
    large_client_header_buffers 4 64k;

    # Redirect plain-HTTP requests to HTTPS.
    if ($scheme = http) {
        return 301 https://$server_name$request_uri;
    }

    # Serve static files directly from disk.
    location ~ ^/(assets/|images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
        root /var/www/example.com/public/;
        access_log off;
        expires 24h;
    }

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_set_header X-NginX-Proxy true;

        # No URI part: nginx forwards the original request URI unchanged.
        # $uri is the decoded path, so putting it in proxy_pass would send
        # decoded characters (including CR/LF) to the upstream.
        proxy_pass http://app;
        proxy_redirect off;

        # WebSocket upgrade support.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
