堆栈内存溢出
  简体   繁体   English

当托管在 digitalocean 液滴上时,我无法让我的 asp.net mvc 使用 ssl

[英]I can't get my asp.net mvc to use ssl when being hosted on a digitalocean droplet

 原文  2022-10-05 21:03:26       asp.net/ nginx/ ssl/ lets-encrypt/ certbot

问题描述

I can't get my do.net mvc app to be hosted correctly over ssl (https).我无法通过 ssl (https) 正确托管我的 do.net mvc 应用程序。 It only works over http. The following is my relevant nginx files (with "example.org" used instead of my domain)它仅适用于 http。以下是我的相关 nginx 文件(使用“example.org”代替我的域)

/etc/nginx/sites-enabled/default /etc/nginx/站点启用/默认

# Default server configuration
#
server {
    server_name   example.org *.example.org;
    location / {
            proxy_pass         http://127.0.0.1:5000;
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
    }

    # SSL configuration

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    listen   80 default_server;
    # listen [::]:80 default_server deferred;
    return   444;
}

server {
    if ($host = example.org) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen        80;
    server_name   example.org *.example.org;
    return 404; # managed by Certbot

}

/etc/nginx/nginx.conf /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {

        ##
        # Basic Settings
        ##

sendfile on;
        tcp_nopush on;
        types_hash_max_size 2048;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ##
        # SSL Settings
        ##

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3, ref: POODLE
        ssl_prefer_server_ciphers on;

        ##
        # Logging Settings
        ##

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        ##
        # Gzip Settings
        ##

        gzip on;

 application/xml application/xml+rss text/javascript;

        ##
        # Virtual Host Configs
        ##

        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

/etc/nginx/proxy.conf /etc/nginx/proxy.conf

proxy_redirect          off;
proxy_set_header        Host $host;
proxy_set_header        X-Real-IP $remote_addr;
proxy_set_header        X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header        X-Forwarded-Proto $scheme;
client_max_body_size    10m;
client_body_buffer_size 128k;
proxy_connect_timeout   90;
proxy_send_timeout      90;
proxy_read_timeout      90;
proxy_buffers           32 4k;

This makes my site work over "http://example.org" but not over "https://example.org".这使我的网站可以在“http://example.org”上运行,但不能在“https://example.org”上运行。 I don't know why it won't work over https?我不知道为什么它不能超过 https? I tried altering my /etc/nginx/nginx.conf file to make it like the recommended documentation for asp.net hosting via Microsoft.我尝试更改我的/etc/nginx/nginx.conf文件,使其类似于通过 Microsoft 托管的 asp.net 的推荐文档。 Here's my new /etc/nginx/nginx.conf file.这是我的新/etc/nginx/nginx.conf文件。

/etc/nginx/nginx.conf /etc/nginx/nginx.conf

user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;

events {
        worker_connections 768;
        # multi_accept on;
}

http {
    include        /etc/nginx/proxy.conf;
    limit_req_zone $binary_remote_addr zone=one:10m rate=5r/s;
    server_tokens  off;

    sendfile on;
    # Adjust keepalive_timeout to the lowest possible value that makes sense
    # for your use case.
    keepalive_timeout   29;
    client_body_timeout 10; client_header_timeout 10; send_timeout 10;

    upstream my-app{
        server 127.0.0.1:5000;
    }

    server {
        listen                    443 ssl http2;
        listen                    [::]:443 ssl http2;
        server_name               example.org *.example.org;
        ssl_certificate           /etc/letsencrypt/live/example.org/fullchain.pem;
        ssl_certificate_key       /etc/letsencrypt/live/example.org/privkey.pem;
        ssl_session_timeout       1d;
        ssl_protocols             TLSv1.2 TLSv1.3;
        ssl_prefer_server_ciphers off;
        ssl_ciphers               ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
        ssl_session_cache         shared:le_nginx_SSL:10m;
        ssl_session_tickets       off;
        ssl_stapling              off;

        add_header X-Frame-Options DENY;
        add_header X-Content-Type-Options nosniff;

        #Redirects all traffic
        location / {
            proxy_pass http://my-app;
            limit_req  zone=one burst=10 nodelay;
        }
    }
}

When I change my /etc/nginx/nginx.conf file to the above, both "http://example.org" and "https://example.com" fail.当我将/etc/nginx/nginx.conf文件更改为上述内容时,“http://example.org”和“https://example.com”都失败了。 So how do I get this app to work over https?那么如何让这个应用程序在 https 上运行呢?

2 个解决方案

解决方案1
 2 已采纳  2022-10-07 02:19:03

The problem was actually my ufw firewall.问题实际上是我的ufw防火墙。 When I was setting up the droplet I did the commands:当我设置 Droplet 时,我执行了以下命令:

sudo ufw enable
sudo ufw allow OpenSSH
sudo ufw default deny incoming
sudo ufw allow 'Nginx HTTP'

The problem above is that was supposed to do sudo ufw allow 'Nginx Full' then sudo reboot .上面的问题是应该做sudo ufw allow 'Nginx Full'然后sudo reboot After this, my original nginx configuration worked!在此之后,我原来的 nginx 配置成功了!

解决方案2
 0  2022-10-06 10:06:32

Try the config below (don't forget to disable https redirection in your app - remove app.UseHttpsRedirection(); from your Program.cs (Startup.cs) and remove applicationUrl https reference from launchSettings.json "https://localhost:5001"):尝试下面的配置(不要忘记在您的应用程序中禁用 https 重定向 - 从您的 Program.cs (Startup.cs) 中删除app.UseHttpsRedirection();并从launchSettings.json中删除 applicationUrl https 引用“https://localhost: 5001"):

worker_processes 1;

events { worker_connections 1024; }

http {

    sendfile on;
    access_log /var/log/nginx/access.log  combined;
    error_log /var/log/nginx/error.log;
    upstream web-api {
        server 127.0.0.1:5000;
    }

    server {
        listen 80;
        server_name yourdomain.com;
        
        location / {
            return 301 https://$host$request_uri;
        }
    }

    server {
        listen 443 ssl;
        server_name yourdomain.com;

        ssl_certificate /etc/ssl/certs/yourdomain.com.crt;
        ssl_certificate_key /etc/ssl/private/yourdomain.com.key;

        location / {
            proxy_pass         http://web-api;
            proxy_redirect     off;
            proxy_http_version 1.1;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            proxy_set_header   X-Forwarded-Host $server_name;
        }
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我无法从我的ASP.NET MVC3 ViewModel获取我的月,日,年下拉列表 - I can't get my Month, Day, Year dropdown lists to work from my ASP.NET MVC3 ViewModel 调试ASP.NET MVC应用程序时,如何显示对Site.css的更改? - When debugging an ASP.NET MVC app, how can I get my changes to Site.css to show up? 我如何测试我的ASP.NET网站在共享服务器上托管每天为很多访问者? - how do I test my ASP.NET website being hosted on shared server for lot of visitors a day? 无法获取我的ajax“添加到购物车局部”功能以在ASP.NET MVC中工作 - Can't GET my ajax “add to Cart Partial” function to work in ASP.NET MVC ASP.NET MVC找不到我的名称空间 - ASP.NET MVC can't find my namespace ASP.NET MVC2和MEF - 为什么我的MefControllerFactory不能获得导出或MetaData? - ASP.NET MVC2 and MEF - Why can't my MefControllerFactory get exports or MetaData? 在Azure Web角色中托管的ASP.NET MVC3应用程序中是否需要SessionStateModule? - Do I need SessionStateModule in my ASP.NET MVC3 application hosted in Azure web role? ASP.NET MVC 找不到我的控制器方法 - ASP.NET MVC can't find my controller method 当 SSL 被强制时,如何排除某些文件夹被 ASP.net 中的搜索引擎索引? - How can I exclude certain folders from being indexed by search engines in ASP.net when SSL is forced? 将SSL3和TLS与.Net Core ASP.Net MVC结合使用 - Use SSL3 and TLS with .Net Core ASP.Net MVC
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM