Digitalocean 使用 nginx 部署节点 https 应用程序

Digitalocean deploying node https app with nginx

我 运行 使用 nginx 在 Digitalocean droplet 中安装我的应用程序我发现如果我 运行 我的应用程序与 http 它完美地工作,但是当我 运行 它使用 https nginx 给我 502 BAD GATEWAY,我尝试了其他 digitalocean 指南并搜索了 Whosebug,但从未找到解决方案,所以我考虑制作这个 post.

NGINX 默认文件:

server {
        listen 443 ssl http2;
        listen [::]:443 ssl http2;

        server_name mydomain.io www.mydomain.io;

        ssl_certificate /home/myapp/ssl/myapp.crt;
        ssl_certificate_key /home/myapp/ssl/myapp.key;

        location / {
                proxy_pass http://localhost:3000;
                proxy_http_version 1.1;
                proxy_set_header Upgrade $http_upgrade;
                proxy_set_header Connection 'upgrade';
                proxy_set_header Host $host;
                proxy_cache_bypass $http_upgrade;
        }
}

我的应用代码:

const express = require("express");
//const http = require('http');
const https = require('https');
const helmet = require("helmet");
const cors = require("cors");
const fs = require("fs");
const path = require("path");
const app = express();
const config = require("./config");
const passport = require("passport");
const credentials = { key: fs.readFileSync('ssl/myapp.key', 'utf-8'), cert: fs.readFileSync('ssl/myapp.crt', 'utf-8'), ca: fs.readFileSync('ssl/myapp.ca-bundle', 'utf-8') };

app.use(helmet());
app.use(cors());
app.use(express.json());
app.use(express.urlencoded({ extended: false }));
app.use(
  require("express-session")({
    secret: require("./config.json").app.secretKey,
    resave: false,
    saveUninitialized: true,
    cookie: {
      secure: false,
      maxAge: 60 * 60 * 1000 * 24 * 365,
    },
  })
);

app.use(passport.initialize());
app.use(passport.session());
passport.use(require("./service/passport"));

app.set("view engine", "ejs");
app.set("views", path.join(__dirname, "views"));
app.use(express.static(path.join(__dirname, "views")));

app.use('/', require('./api/home'));
app.use("/auth", require("./api/auth"));
app.use("/user", require("./api/user"));

app.get('/tos',(req,res)=>{
  res.render('tos');
});


//var httpServer = http.createServer(app);
var httpsServer = https.createServer(credentials, app);

httpsServer.listen(config.app.port,'localhost',()=>{
        console.log("App started on port:"+config.app.port);
});

我是 nginx 的新手,谁能解释一下如何做到这一点?

我有多个服务器 运行 node.js 应用程序在 80 和 443 上都很好。

我会更喜欢你使用我使用的配置-

server {
    server_name yourdomain.com;
    proxy_buffering off;
    location / {
        proxy_pass http://localhost:3000;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}

server {
    if ($host = yourdomain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 0.0.0.0:80;
    server_name yourdomain.com;
    return 404; # managed by Certbot
}

我主要将 Certbot 用于我的 SSL 证书,您可以使用任何您想要的其他东西!

您的应用程序代码 运行 使用 HTTPS,而 NGINX proxy_pass 使用 http://localhost:3000.

要解决此问题,有两种方法:

  1. 使用 https://localhost:3000 更新 proxy_pass 并重启 NGINX
  2. 在应用程序级别使用 HTTP 而不是 HTTPS 并重新启动应用程序

任何选项都可以解决问题,最省力的方法是使用选项一。

您无需更改应用程序中的任何内容并继续使用 HTTP,Nginx 将为 https 请求提供服务并将 HTTP 重定向到您的应用程序。