
Nginx Reverse Proxy won't resolve to SSL

I'm kinda new with NGINX, so still learning how to deploy it correctly. At this moment I'm running into a problem.

My project consists of a frontend in HTML (JS etc.), and an API in Node.js running on port 5000.

I've created my Nginx file and it kinda works at the moment. The HTML page is shown with a Let's Encrypt certificate over port 443, and I can fire fetch requests over http to my API. But when firing from the website, I get a mixed-content warning, since the XHR requests are fired at the http version and not the https version. I'm trying to set up my Nginx conf to XHR over https, but no luck yet.

This is my conf file (I starred out the original domain):

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    index index.html;

    server_name pim.********.***;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {

    root /var/www/html;

    index index.html;
    server_name pim.*****.***; # managed by Certbot


    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/pim.*******.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/pim.*******.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
    if ($host = pim.******.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name pim.******.com;
    return 404; # managed by Certbot


}

server {
    listen 5000 ;
    listen [::]:5000 ;
    server_name pim.*******.com;
    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

I've tried to create a location at /api with the port 443, but this gives an error when testing the nginx file.

If you want to keep this setup as is (http -> https redirection and API access via port 5000), this nginx config should work:

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name pim.******.com;

    # redirect to the https version
    return 301 https://$host$request_uri;
}

server {
    # handles normal ssl/tls traffic
    # i would also use http2 on https
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name pim.*****.***;

    root /var/www/html;

    index index.html;

    ssl_certificate /etc/letsencrypt/live/pim.*******.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pim.*******.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ =404;
    }
}

server {
    # same as 443 but with a different port
    listen 5000 ssl http2;
    listen [::]:5000 ssl http2;

    server_name pim.*******.com;

    # certs are required for ssl/tls traffic
    ssl_certificate /etc/letsencrypt/live/pim.*******.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pim.*******.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

I personally would suggest using the normal port and either a subdomain (api.example.com) or a subpath ( https://example.com/api/ ).

Config for Subdomain:

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;

    server_name api.pim.*******.com;

    ssl_certificate /etc/letsencrypt/live/pim.*******.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pim.*******.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        proxy_pass http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Config for SubPath:

server {
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server;
    server_name pim.*****.***;

    root /var/www/html;

    index index.html;

    ssl_certificate /etc/letsencrypt/live/pim.*******.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/pim.*******.com/privkey.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

    location / {
        try_files $uri $uri/ =404;
    }

    location /api/ {
        proxy_pass http://localhost:5000/;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

Use whatever suits you.
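An added example, not part of the original question or answer: how a browser treats the frontend's fetch() target under each of the three layouts above, and how the subpath config rewrites the request path. The host pim.example.com is a placeholder for the starred-out domain, the function names are hypothetical, and the loopback check is a simplified version of the browser's trustworthy-origin rule.

```javascript
// Placeholder page URL; the real domain is starred out on the page.
const PAGE = 'https://pim.example.com/index.html';

// Simplified: browsers treat loopback hosts as trustworthy even over http.
const LOOPBACK = new Set(['localhost', '127.0.0.1', '[::1]']);

function classifyRequest(pageUrl, target) {
  const page = new URL(pageUrl);
  const req = new URL(target, page); // relative targets resolve against the page
  // An https page requesting an http URL is mixed content and gets blocked.
  const mixedContent =
    page.protocol === 'https:' &&
    req.protocol === 'http:' &&
    !LOOPBACK.has(req.hostname);
  // Same origin means same scheme, host and port. Anything else is a
  // cross-origin request, so the API has to send CORS headers.
  const sameOrigin = req.origin === page.origin;
  return { url: req.href, mixedContent, needsCors: !mixedContent && !sameOrigin };
}

// With "location /api/" and "proxy_pass http://localhost:5000/;" the trailing
// slash makes nginx replace the matched /api/ prefix with / for the upstream.
function upstreamPath(requestPath, prefix = '/api/') {
  if (!requestPath.startsWith(prefix)) return null; // not handled by this location
  return '/' + requestPath.slice(prefix.length);
}

const targets = [
  'http://pim.example.com:5000/users',  // the question's original setup
  'https://pim.example.com:5000/users', // answer: TLS on port 5000
  'https://api.pim.example.com/users',  // answer: subdomain
  '/api/users',                         // answer: subpath
];
for (const t of targets) console.log(classifyRequest(PAGE, t));
console.log(upstreamPath('/api/users'));
```

Only the subpath layout keeps the API on the page's own origin; the port-5000 and subdomain layouts remove the mixed-content warning but leave the request cross-origin.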
