[英]How to fix nginx default configuration after installing an let's encrypt SSL on digital ocean with Ubuntu 18.04?
我的网站正在运行,但SSL仅在非www上运行。 重新安装后,让我们加密SSL证书使网站崩溃。 我能够取得领先,但无法实现api。
我将站点移至新的Droplet,并在带有Node.js的Ubuntu 18.04上使用python安装了Nginx,Pm2和certbot。
该站点未加载,这有点令人沮丧。 我认为问题在于certbot重写了ngix默认文件,我不确定如何修复它。
这是我在/ etc / nginx / sites-available / default上的配置
upstream my_app {
server 127.0.0.1:3000;
}
server {
#listen 80;
listen [::]:80;
#listen 443 ssl;
#listen [::]:443 ssl;
if ($host = www.mysite.com) {
return 301 https://mysitehere$request_uri;
}
server_name roomies.es;
listen 443 ssl;
ssl on;
ssl_certificate /etc/letsencrypt/live/mysite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mysite.com/privkey.pem;
if ($ssl_protocol = "") {
rewrite ^ https://$server_name$request_uri? permanent;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://mysite_app;
proxy_redirect off;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location ~ /.well-known {
allow all;
}
}
```
I need the front to run on port 3000 and my api on port 4000.
Thanks in advance!
这是在安装“让我们加密”后必须设置NGINX配置的方式:
/ etc / nginx / sites-enabled / default (应该与/ etc / nginx / sites-available / default相同的文件):
# Default server configuration
server {
root /var/www/html;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name example.com;
return 301 https://www.example.com$request_uri;
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
为清楚起见,返回301是确保将所有非www流量都移至URL的www版本。
请记住,将配置保存在记事本或其他东西上,以便在不起作用的情况下快速恢复为原始配置。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.