将SSL(PORT 443)添加到Nginx反向代理服务器(PORT 80)-Nginx配置文件

时间:2018-11-15 14:38:50

标签: node.js ssl nginx reverse-proxy certbot

使用Ubuntu,我使用Certbot生成了SSL。这已自动更新了我的Nginx配置文件并添加了其他监听端口。我担心是否只需要侦听一个PORT(80或443),而不是两者都侦听,但是我找不到有关是否需要删除侦听PORT 80的相关信息。请参阅下面的配置文件。 :

server {
    listen 80 default_server;
    listen [::]:80 default_server;

    root /var/www/html;

    server_name _;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }
}

server {
    root /var/www/html;

    location / {
        try_files $uri $uri/ =404;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = my.domain.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    listen 80 ;
    listen [::]:80 ;
    server_name my.domain.co.uk;
    return 404; # managed by Certbot
}

现在Certbot已将代码添加到单独的服务器块中,是否需要删除初始服务器块在端口80侦听的位置?我有一个问题,那就是一台旧服务器在使用时会在一夜之间崩溃,我觉得这与Nginx配置文件相关,类似于此。

很抱歉,如果这个问题很愚蠢,我对此不太满意,很不幸,发现它非常困难。谢谢您的见识。

1 个答案:

答案 0 :(得分:1)

您没有完全包含您想要的内容(例如,哪个应用程序应该在哪个端口上服务请求,以及HTTP请求应该执行什么操作),但是我会假设

  1. 所有端口80请求均为HTTP,所有443请求均为HTTPS。
  2. 您希望将所有HTTP请求重定向到HTTPS
  3. 所有HTTPS请求都应传递到节点

如果是这样,这可能就是您真正想要的:

server {
    root /var/www/html;
    server_name my.domain.co.uk;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;
    }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/my.domain.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/my.domain.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
    if ($host = my.domain.co.uk) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    listen 80 ;
    listen [::]:80 ;
    server_name my.domain.co.uk;
    return 404; # managed by Certbot
}

第一个服务器块仅处理HTTPS请求,并将所有请求传递到节点。第二个服务器块仅处理HTTP请求,并将其重定向到HTTPS。

相关问题
最新问题