我有一个使用ssl在AWS linux服务器上运行的节点js应用程序。我想实现nginx。我用谷歌搜索并阅读如果我在nginx中实现ssl,那么节点应用程序在http上运行。所以我按如下方式配置了nginx conf,并使用普通的http server运行节点js应用程序:
listen 443 ssl;
server_name myserver.com;
ssl_certificate myserver.chained.crt;
ssl_certificate_key myserver.key;
ssl_client_certificate myserver.crt;
ssl_verify_client optional;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header VERIFIED $ssl_client_verify;
proxy_set_header DN $ssl_client_s_dn;
proxy_pass http://127.0.0.1:3000;
}
现在,应用程序正在http和https上运行。我希望通过ssl实现nginx,并且只在https上运行应用程序。 我的做法是对的吗?我错过了什么?
答案 0 :(得分:1)
我看到你在端口3000上运行了应用程序,你想要做的只是在https上运行是为了阻止端口3000上的所有请求到服务器(使用防火墙或security group rules in aws),对于端口80上的每个请求,您都希望将它们重定向到https版本(端口443)。像这样:
server {
listen 80;
server_name my.domain.com;
return 301 https://$server_name$request_uri;
}
答案 1 :(得分:0)
upstream app
{
server 127.0.0.1:3000;
}
server
{
listen 80;
listen 443 ssl;
server_name www.example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
client_header_buffer_size 64k;
large_client_header_buffers 4 64k;
if ($scheme = http) {
return 301 https://$server_name$request_uri;
}
location ~ ^/(assets/|images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) {
root /var/www/example.com/public/;
access_log off;
expires 24h;
}
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://app$uri$is_args$args;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
}