SSL on KeystoneJS with letsencrypt and apache2
I am deploying a keystonejs application on Ubuntu 16 using docker-compose, and I have a valid letsencrypt certificate.
I added the following settings in keystone.js:
'ssl': true,
'port': 3000,
'admin path': 'admin',
'ssl cert': '/etc/letsencrypt/live/mydomain.com/fullchain.pem',
'ssl key': '/etc/letsencrypt/live/mydomain.com/privkey.pem',
'letsencrypt': (process.env.NODE_ENV === 'production') && {
    email: 'user@gmail.com',
    domains: ['www.mydomain.com', 'mydomain.com'],
    register: true,
    tos: true,
},
The server starts and shows me the following:
app |
app | ------------------------------------------------
app | KeystoneJS v4.0.0 started:
app | mydomain is ready on http://0.0.0.0:3000
app | SSL Server is ready on https://0.0.0.0:3001
app | ------------------------------------------------
app |
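But when I visit my website, it does not show as secure in the browser's URL bar. It shows a small exclamation mark (!) that says: Your connection to this site is not secure.
I have apache2 on my server.
Under /etc/apache2/sites-available/mydomain.com.conf, I have this: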
<VirtualHost *:80>
    # Admin email, Server Name (domain name), and any aliases
    ServerAdmin info@mydomain.com
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    # Index file and Document Root (where the public files are located)
    DirectoryIndex index.html
    DocumentRoot /var/www/html/mydomain.com/
    # Log file locations
    LogLevel warn
    ErrorLog /var/www/html/mydomain.com/log/error.log
    CustomLog /var/www/html/mydomain.com/log/access.log combined
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    ProxyPreserveHost On
    RewriteEngine on
    RewriteCond %{SERVER_NAME} =www.mydomain.com [OR]
    RewriteCond %{SERVER_NAME} =mydomain.com
    RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
And under /etc/apache2/sites-available/mydomain.com.le.ssl.conf:
<IfModule mod_ssl.c>
<VirtualHost *:443>
    # Admin email, Server Name (domain name), and any aliases
    ServerAdmin info@mydomain.com
    ServerName mydomain.com
    ServerAlias www.mydomain.com
    # Index file and Document Root (where the public files are located)
    DirectoryIndex index.html
    DocumentRoot /var/www/html/mydomain.com/
    # Log file locations
    LogLevel warn
    ErrorLog /var/www/html/mydomain.com/log/error.log
    CustomLog /var/www/html/mydomain.com/log/access.log combined
    ProxyPass / http://localhost:3000/
    ProxyPassReverse / http://localhost:3000/
    ProxyPreserveHost On
    Include /etc/letsencrypt/options-ssl-apache.conf
    Include /etc/letsencrypt/options-ssl-apache.conf
    SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>
I tried pointing ProxyPass and ProxyPassReverse at port 3001, but then the site is never reachable. Any help is much appreciated.
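Try disabling SSL in Keystone. You don't need it when proxying traffic through the Apache server. Apache will handle the certificate and talk to Keystone locally without SSL. You can then block port 3000 from being accessed from outside.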
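
One way to check the last step of the answer above for a docker-compose deployment, as an added example that is not part of the original question or answer: it parses docker-compose short-syntax `ports:` entries and reports any that publish the Keystone backend ports beyond loopback. The function names and the sample mappings are hypothetical, and port ranges are not handled.

```javascript
// Added example: audit docker-compose short-syntax port mappings for a
// backend that should only be reachable through the local Apache proxy.
// Function names and sample mappings are constructed for illustration.

// True for IPv4 127.0.0.0/8 and IPv6 ::1.
function isLoopback(ip) {
  return ip === '::1' || /^127\./.test(ip);
}

// Parse "[HOST_IP:][HOST_PORT:]CONTAINER_PORT[/PROTO]" into its parts.
function parsePortSpec(spec) {
  const [mapping, proto = 'tcp'] = String(spec).split('/');
  let hostIp = null;
  let rest = mapping;
  const v6 = rest.match(/^\[([^\]]+)\]:(.*)$/); // bracketed IPv6 host address
  if (v6) {
    hostIp = v6[1];
    rest = v6[2];
  }
  const parts = rest.split(':');
  if (!v6 && parts.length === 3) hostIp = parts.shift();
  if (parts.length > 2 || parts.some((p) => !/^\d+$/.test(p))) {
    throw new Error(`unsupported port spec: ${spec}`);
  }
  const containerPort = Number(parts[parts.length - 1]);
  // With no host port given, Docker picks an ephemeral one.
  const hostPort = parts.length === 2 ? Number(parts[0]) : null;
  return { hostIp, hostPort, containerPort, proto };
}

// Return the mappings that publish a backend port beyond loopback.
// A mapping with no host IP is bound on all interfaces.
function findExposedBackends(specs, backendPorts) {
  return specs
    .map(parsePortSpec)
    .filter((m) => backendPorts.includes(m.containerPort))
    .filter((m) => m.hostIp === null || !isLoopback(m.hostIp));
}

// Constructed samples: "before" exposes Keystone's 3000/3001 directly,
// "after" leaves only Apache on 80/443 reachable from outside.
const before = ['3000:3000', '0.0.0.0:3001:3001'];
const after = ['127.0.0.1:3000:3000'];
console.log(findExposedBackends(before, [3000, 3001]));
console.log(findExposedBackends(after, [3000, 3001]));
```

Binding the published port to 127.0.0.1 matters because Docker inserts its own iptables rules for published ports, so a host firewall rule such as ufw may not block them.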