Adding an SSL (PORT 443) to an Nginx Reverse Proxy Server (PORT 80) - Nginx Config File

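Using Ubuntu, I have generated an SSL certificate using Certbot. This has automatically updated my Nginx configuration file and added an additional listening port. I'm concerned about whether I only need to listen on one PORT (80 or 443) and not both, but I'm unable to find the relevant information on whether I need to remove the listening for PORT 80. Please see my configuration file below: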

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    server_name _;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

server {
    root /var/www/html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = my.domain.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name my.domain.co.uk;
    return 404; # managed by Certbot
}

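Now that Certbot has added the code in a separate server block, do I need to remove the initial server block where it listens on port 80? I had an issue where an older server crashed overnight while in use, and I have a feeling it was something related to the Nginx configuration file, similar to this.

Apologies if this question is stupid; I'm not very experienced with this and unfortunately find it very difficult. Thank you for any insight.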

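You did not include exactly what you want (for example, which application should serve requests on which port and what HTTP requests should do), but I will assume:

  1. All port 80 requests are HTTP and all 443 requests are HTTPS.
  2. You want all HTTP requests to be redirected to HTTPS.
  3. All HTTPS requests should be passed to node.

If so, this is probably what you really want: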

server {
    root /var/www/html;
    server_name my.domain.co.uk;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = my.domain.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 ;
    listen [::]:80 ;
    server_name my.domain.co.uk;
    return 404; # managed by Certbot
}

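The first server block handles only HTTPS requests and passes all of them to node. The second server block handles only HTTP requests and redirects them to HTTPS.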
