Nginx、Https、反向代理、握手错误。需要审查 'nginx/sites-enabled/default' 个文件。
Nginx, Https, reverse proxy, handshake error. Need review of 'nginx/sites-enabled/default' file.
我希望查看下面的一些代码 -- 它是 'nginx/sites-enabled/default' 文件。我相信它可能有一些明显的陷阱,阻止我的网站在 https 下重定向。我花了几天时间查看 Nginx 文档,但未能解决我的问题。感谢您的帮助!
上下文:
我正在尝试设置一个反向代理,将我的域 url 指向我的 Digital Ocean 服务器上的 localhost:3000。除了我的 https 没有解析之外,一切似乎都运行良好。我通常遵循以下两个教程:https://code.lengstorf.com/deploy-nodejs-ssl-digitalocean/ and https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04 .
当我进入 url 时,我得到:"ERR_CONNECTION_RESET"。当我在服务器上 运行 curl http://localhost:3000, my html is returned as expected. When I run curl on my server for https://mysite.io 时,我收到错误:"curl (35) gnutls_handshake() failed: Error in the pull function"。我所有的 http curl 请求都正确重定向到 https,dig +short mysite.io 指向我的服务器,nginx -t 没有错误返回。
我的预感是我的 'nginx/sites-enabled/default' 文件有问题,更具体地说是处理 https 的服务器块。前两个服务器块来自第一个教程,后两个是 Certbot 在上述第二个教程中自动生成的。再次感谢您的帮助!
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mysite.io;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
server {
return 301 https://$host$request_uri;
server_name www.mysite.io; # managed by Certbot
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 ;
server_name www.mysite.io;
return 404; # managed by Certbot
}
前两个块是不必要的,可以删除。然后,我们可以从第二个服务器块中获取位置块并将其添加到第三个服务器块。然后,最后我们可以从第三个块中删除 301,最后是这样的:
server {
server_name www.mysite.io; # managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# change the above line to "listen 443 ssl http2" if you want http2
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 ;
server_name www.mysite.io;
return 404; # managed by Certbot
}
我希望查看下面的一些代码 -- 它是 'nginx/sites-enabled/default' 文件。我相信它可能有一些明显的陷阱,阻止我的网站在 https 下重定向。我花了几天时间查看 Nginx 文档,但未能解决我的问题。感谢您的帮助!
上下文: 我正在尝试设置一个反向代理,将我的域 url 指向我的 Digital Ocean 服务器上的 localhost:3000。除了我的 https 没有解析之外,一切似乎都运行良好。我通常遵循以下两个教程:https://code.lengstorf.com/deploy-nodejs-ssl-digitalocean/ and https://www.digitalocean.com/community/tutorials/how-to-secure-nginx-with-let-s-encrypt-on-ubuntu-18-04 .
当我进入 url 时,我得到:"ERR_CONNECTION_RESET"。当我在服务器上 运行 curl http://localhost:3000, my html is returned as expected. When I run curl on my server for https://mysite.io 时,我收到错误:"curl (35) gnutls_handshake() failed: Error in the pull function"。我所有的 http curl 请求都正确重定向到 https,dig +short mysite.io 指向我的服务器,nginx -t 没有错误返回。
我的预感是我的 'nginx/sites-enabled/default' 文件有问题,更具体地说是处理 https 的服务器块。前两个服务器块来自第一个教程,后两个是 Certbot 在上述第二个教程中自动生成的。再次感谢您的帮助!
# HTTP — redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS — proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name mysite.io;
# Use the Let’s Encrypt certificates
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
server {
return 301 https://$host$request_uri;
server_name www.mysite.io; # managed by Certbot
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 ;
server_name www.mysite.io;
return 404; # managed by Certbot
}
前两个块是不必要的,可以删除。然后,我们可以从第二个服务器块中获取位置块并将其添加到第三个服务器块。然后,最后我们可以从第三个块中删除 301,最后是这样的:
server {
server_name www.mysite.io; # managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
# change the above line to "listen 443 ssl http2" if you want http2
ssl_certificate /etc/letsencrypt/live/mysite.io/fullchain.pem; # managed $
ssl_certificate_key /etc/letsencrypt/live/mysite.io/privkey.pem; # manage$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.mysite.io) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
listen [::]:80 ;
server_name www.mysite.io;
return 404; # managed by Certbot
}