letsencrypt nginx反向代理

时间:2018-05-05 08:13:43

标签: nginx lets-encrypt

我正在使用centos6 linux vps,我在我的服务器上安装了nginx。我已经安装了letsencrypt SSL证书。但问题是,当我访问我的网站www.mywebsite.com时,它会显示SECURE,但是当我访问www.mywebsite.com/otherpages时,它会显示Insecure和letsencrypt证书无效。

“/etc/nginx/conf.d/default.conf”的配置

server {
listen      80  default_server;
#  listen       [::]:80 default_server;
server_name  _;
root         /usr/share/nginx/html;

# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;
    location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
    location = /50x.html {
}

/etc/nginx/sites-available/quiznou.com.conf的配置

   server {
    listen     80    ;
    server_name quiznou.com www.quiznou.com;
    return 301 https://$server_name$request_uri;
  }
   server{
  listen 443 ssl http2;
   server_name quiznou.com www.quiznou.com;
  ssl on;
 ssl_certificate /etc/letsencrypt/live/quiznou.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/quiznou.com/privkey.pem;
 ssl_session_timeout 5m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;

 location / {
 proxy_pass http://localhost:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
 }
 location ~ /.well-known {
            allow all;
    }
  location /.well-known/acme-challenge/ {
            root       /var/www/quiznou.com;
    }

  }

1 个答案:

答案 0 :(得分:0)

这是我自己的NGINX配置文件,作为revers_proxy:但是我正在使用配置代理某些docker。我直接修改了/etc/nginx/default.conf,以代理apache web page,我已经在nginx中创建了一个VHost。

如果可以帮助您。

server {
listen       80;
listen  443 ssl;
server_name  some.name.com;
server_tokens off;

## Certificates
ssl_certificate /etc/letsencrypt/live/some.name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/some.name.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/some.name.com/chain.pem;
if ($scheme = http){

return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://IP_du_serveur:port;
}

## Protocol
ssl_protocols TLSv1.2;

## Diffie-Hellman
ssl_ecdh_curve secp384r1;

## Ciphers
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;

# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;

## TLS parameters
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;

## HSTS
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains;   preload";
}
相关问题
最新问题