使用proxy_pass会影响letsencrypt的安装吗?

时间:2017-02-14 05:51:07

标签: ssl nginx ssl-certificate digital-ocean lets-encrypt

我有一个网站,例如。 domain.net 并已在我的nginx / centos服务器上成功运行certbot / letsencrypt安装。

域名安全且看起来很棒。现在我已经添加了一个鬼博客到我想要加密的网站,例如。 blog.domain.net。

此博客设置在与原始网站不同的根文件夹上,但设置相同的服务器。我正在使用proxy_pass:2000来设置子域。

现在我唯一改变的是我添加了

location ~ /.well-known {
allow all;
}

到我的sites-available nginx中的blog.domain.net.conf文件。 我也尝试将此添加到conf.d / domain.net.conf文件中,但没有用:(

每当我按照安装说明运行certbot时,它就会输出此错误。 

Failed authorization procedure. blog.domain.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: blog.domain.net
   Type:   unauthorized
   Detail: Invalid response from
   http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

非常感谢任何帮助!

谢谢

  • 编辑*

sites-available / blog.domain.net.conf中的代码

server {
    listen       80;
    server_name  blog.domain.net www.blog.domain.net;

    # note that these lines are originally from the "location /" block
    root  /var/www/blog.domain.net/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:2000;
        proxy_redirect off;
  }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

conf.d / blog.domain.net.conf中的代码

# upstream ghost {
#    server 127.0.0.1:2000;
# }

server {
    listen      80;
    server_name blog.domain.net;

    access_log  /var/log/nginx/ghost.access.log;
    error_log   /var/log/nginx/ghost.error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location ~ /.well-known {
       /var/www/blog.domain.net/html;
    }

location / {
        proxy_pass  http://127.0.0.1:2000;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;

        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }

}

1 个答案:

答案 0 :(得分:1)

我认为您正在运行带有--web-root选项的Letsencrypt安装,如果是这样,请将web root设置为var object1 = $("#object1"); var object2 = $("#object2"); object1.click(function(ev) { object2.toggle(ev); }); 或放置HTML内容的路径;那么

/var/www/html/

此位置块应放在location ~ /.well-known { root /var/www/html; } 之上的所有其他位置,您可以在其中指定location /选项,我已经回答了一个letsencrypt问题here,请使用您的安装命令进行检查。

相关问题
最新问题