EC2 Nginx 允许加密设置,https 不工作
EC2 Nginx lets encrypt setup, https is not working
我在 EC2 实例中设置了 nodejs REST api 服务器。在我的 goDaddy 控制台中,我已将我的 ec2 实例的 IP 地址映射到我的域。现在可以通过 http 访问它。这是我的 api.
的 link
我已经为我的域配置了 nginx 服务器并安装了证书。这是 nginx 配置
server {
listen 80;
listen [::]:80;
server_name api.domain.in;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.domain.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.domain.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
执行 netstat -plnt 得到以下结果
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::3000 :::* LISTEN 126894/node /home/u
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
执行 sudo ufw status 得到以下结果
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
执行 sudo ufw app list 得到以下结果
Available applications:
Apache
Apache Full
Apache Secure
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
仍然 http://api.domain.in/health works but https://api.domain.in/health 没有。
对于 debug/troubleshoot 的步骤的解决方案或帮助将不胜感激。我配置错了什么?似乎 https 流量没有到达我的 ec2 实例。
port 80, 22, 300 are open for source 0.0.0.0/0. Do I need to open 443 also?
根据问题和评论,您可能缺少 ec2 安全组中的端口 443
我在 EC2 实例中设置了 nodejs REST api 服务器。在我的 goDaddy 控制台中,我已将我的 ec2 实例的 IP 地址映射到我的域。现在可以通过 http 访问它。这是我的 api.
的 link我已经为我的域配置了 nginx 服务器并安装了证书。这是 nginx 配置
server {
listen 80;
listen [::]:80;
server_name api.domain.in;
location / {
proxy_pass http://127.0.0.1:3000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/api.domain.in/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/api.domain.in/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
执行 netstat -plnt 得到以下结果
(Not all processes could be identified, non-owned process info
will not be shown, you would have to be root to see it all.)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 127.0.0.53:53 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::3000 :::* LISTEN 126894/node /home/u
tcp6 0 0 :::443 :::* LISTEN -
tcp6 0 0 :::80 :::* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
执行 sudo ufw status 得到以下结果
Status: active
To Action From
-- ------ ----
OpenSSH ALLOW Anywhere
Nginx Full ALLOW Anywhere
OpenSSH (v6) ALLOW Anywhere (v6)
Nginx Full (v6) ALLOW Anywhere (v6)
执行 sudo ufw app list 得到以下结果
Available applications:
Apache
Apache Full
Apache Secure
Nginx Full
Nginx HTTP
Nginx HTTPS
OpenSSH
仍然 http://api.domain.in/health works but https://api.domain.in/health 没有。
对于 debug/troubleshoot 的步骤的解决方案或帮助将不胜感激。我配置错了什么?似乎 https 流量没有到达我的 ec2 实例。
port 80, 22, 300 are open for source 0.0.0.0/0. Do I need to open 443 also?
根据问题和评论,您可能缺少 ec2 安全组中的端口 443