我在CentOS 7服务器上配置了Nginx。在那里我运行了2个站点,我使用Cerbot安装了SSL证书,并且执行过程没有错误。我有2个子域x.mydomain.com和y.mydomain.com
我运行的站点对应于在自己的端口上运行的应用程序,9100用于一个,9200用于第二个,因此我将Nginx配置为将请求重定向到相应的端口。例如,第一个应用程序的服务器块是:
server {
listen 80;
server_name x.mydomain.com;
access_log logs/mydomainX.log main;
location / {
proxy_pass http://127.0.0.1:9100;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/x.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/x.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
所以,如果我在浏览器x.mydomain.com中打开,我会从Nginx获取状态代码502,但是,如果我直接使用IP打开:xxx.xxx.xxx.xxx.xxx:9100,那么我可以看到该网站。所以我必须在Nginx配置中出错,我缺少什么?感谢
答案 0 :(得分:0)
状态代码502显示nginx可以连接到代理上游,因此127.0.0.1:9100上游出现了问题。
如果对xxx.xxx.xxx.xxx.xxx:9100的请求正常,您可以将nginx配置更改为以下内容:
server {
listen 80;
server_name x.mydomain.com;
access_log logs/mydomainX.log main;
location / {
proxy_pass http://xxx.xxx.xxx.xxx.xxx:9100;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/x.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/x.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
if ($scheme != "https") {
return 301 https://$host$request_uri;
} # managed by Certbot
}
如果你仍想使用127.0.0.1:9100 for proxy_pass,你应该检查你的应用程序,可能没有在127.0.0.1上绑定。