我真的希望你们能帮助我。各种设置 SSL 的指南把我弄糊涂了。
当我尝试访问我的网站时，我得到 502 Bad Gateway。
普通的旧 nginx 工作正常，没有强制 SSL 的“简单”SSL 也可以正常工作。
以下是我的配置文件。
default.conf
## http://xn--srentorp-54a.dk redirects to https://xn--srentorp-54a.dk
# Plain-HTTP listener for the bare domain, on IPv4 and IPv6.
server {
    server_name xn--srentorp-54a.dk;
    listen [::]:80;
    listen 80;

    # ACME HTTP-01 challenge location; it must stay reachable on port 80.
    include /etc/nginx/snippets/letsencrypt.conf;

    # The redirect sits inside "location /" rather than at server level so
    # that the challenge location from the include is matched first and is
    # served over plain HTTP instead of being redirected.
    location / {
        return 301 https://xn--srentorp-54a.dk$request_uri;
    }
}
## http://www.xn--srentorp-54a.dk redirects to https://www.xn--srentorp-54a.dk
# Plain-HTTP listener for the www name. default_server also makes this block
# answer port-80 requests whose Host matches no other server_name on the
# same socket, so unknown hostnames are redirected to the www site as well.
server {
    server_name www.xn--srentorp-54a.dk;
    listen [::]:80 default_server ipv6only=on;
    listen 80 default_server;

    # ACME HTTP-01 challenge location; it must stay reachable on port 80.
    include /etc/nginx/snippets/letsencrypt.conf;

    # Everything other than the challenge path is sent to HTTPS.
    location / {
        return 301 https://www.xn--srentorp-54a.dk$request_uri;
    }
}
## https://xn--srentorp-54a.dk redirects to https://www.xn--srentorp-54a.dk
# TLS listener for the bare domain; its only job is to canonicalise to www.
server {
    server_name xn--srentorp-54a.dk;
    listen [::]:443 ssl http2;
    listen 443 ssl http2;

    # Same certificate directory as the www server block uses.
    # NOTE(review): presumably the certificate lists both the bare and the
    # www name; verify, otherwise one of the two hosts fails validation.
    ssl_certificate_key /etc/letsencrypt/live/xn--srentorp-54a.dk/privkey.pem;
    ssl_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
    # Chain used to verify stapled OCSP responses (see ssl_stapling_verify
    # in the shared snippet).
    ssl_trusted_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;

    # Shared protocol, cipher and response-header settings.
    include /etc/nginx/snippets/ssl.conf;

    location / {
        return 301 https://www.xn--srentorp-54a.dk$request_uri;
    }
}
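## Serves https://www.xn--srentorp-54a.dk
# Main site: static files from /var/www/ plus PHP through PHP-FPM.
# default_server means any TLS request whose name matches no other 443
# server block is answered here, with this certificate.
server {
    server_name www.xn--srentorp-54a.dk;
    listen 443 ssl http2 default_server;
    listen [::]:443 ssl http2 default_server ipv6only=on;

    ssl_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xn--srentorp-54a.dk/privkey.pem;
    # Chain used to verify stapled OCSP responses.
    ssl_trusted_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;

    # Shared protocol, cipher and response-header settings.
    include /etc/nginx/snippets/ssl.conf;

    root /var/www/;
    index index.html index.php;

    # Static content: serve the file or directory if it exists, else 404.
    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        fastcgi_split_path_info ^(.+\.php)(/.+)$;

        # Hand the request to PHP-FPM only when the script exists under the
        # document root. Without this check every URI ending in .php is
        # passed to the interpreter, including ones that map to no file.
        try_files $fastcgi_script_name =404;

        # nginx answers 502 Bad Gateway when it cannot connect to this
        # socket. NOTE(review): confirm the path matches the "listen" value
        # of the running PHP-FPM pool and that the nginx user may open it.
        fastcgi_pass unix:/var/run/php5-fpm.sock;
        fastcgi_index index.php;
        include fastcgi.conf;
    }

    # Never serve Apache-style .ht* files (.htaccess, .htpasswd).
    location ~/\.ht {
        deny all;
    }
}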
# Reverse proxy for torpinc.xn--srentorp-54a.dk to a local backend.
# This host is served over plain HTTP only and only on the IPv4 socket;
# requests for it that arrive on [::]:80 or on 443 are handled by the
# default_server blocks for those sockets instead.
server {
    server_name torpinc.xn--srentorp-54a.dk;
    listen 80;

    location / {
        # Request-body limits for uploads through the proxy.
        client_body_buffer_size 128k;
        client_max_body_size 8m;

        # nginx returns 502 Bad Gateway if the backend on this port refuses
        # the connection or sends an invalid response.
        proxy_pass http://localhost:8081;

        # Preserve the original host name and client address for the backend.
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend should trust only the last entry.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Timeouts are in seconds.
        proxy_read_timeout 100;
        proxy_send_timeout 100;
        proxy_connect_timeout 150;

        proxy_buffers 4 32k;
    }
}
# Reverse proxy for perpt.xn--srentorp-54a.dk to a local backend.
# This host is served over plain HTTP only and only on the IPv4 socket;
# requests for it that arrive on [::]:80 or on 443 are handled by the
# default_server blocks for those sockets instead.
server {
    server_name perpt.xn--srentorp-54a.dk;
    listen 80;

    location / {
        # Request-body limits for uploads through the proxy.
        client_body_buffer_size 128k;
        client_max_body_size 8m;

        # nginx returns 502 Bad Gateway if the backend on this port refuses
        # the connection or sends an invalid response.
        proxy_pass http://localhost:8082;

        # Preserve the original host name and client address for the backend.
        # $proxy_add_x_forwarded_for appends to whatever X-Forwarded-For the
        # client sent, so the backend should trust only the last entry.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # Timeouts are in seconds.
        proxy_read_timeout 100;
        proxy_send_timeout 100;
        proxy_connect_timeout 150;

        proxy_buffers 4 32k;
    }
}
letsencrypt.conf
# ACME HTTP-01 challenge files. "^~" makes this prefix match win over any
# regex location, so the token files are always served from the directory
# below and are never handed to another handler.
location ^~ /.well-known/acme-challenge/ {
    root /var/www/letsencrypt;
    # Token files have no extension; serve them as plain text.
    default_type "text/plain";
}
ssl.conf
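# Shared TLS settings, included by both port-443 server blocks.

# Session resumption: server-side cache only, tickets disabled.
# (Directive name corrected from "sl_session_timeout", which nginx rejects
# as an unknown directive.)
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;

# TLS 1.2 only, ECDHE key exchange with AES, server picks the cipher.
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;

# OCSP stapling, verified against ssl_trusted_certificate.
# NOTE(review): no "resolver" directive is visible in these files; stapling
# needs one to look up the OCSP responder. Confirm it is set in nginx.conf.
ssl_stapling on;
ssl_stapling_verify on;

# HSTS. includeSubdomains extends the policy to every subdomain of the host
# that sends it, and this snippet is also included by the bare-domain server,
# so browsers that have seen the header will insist on HTTPS for the
# subdomains that default.conf serves on port 80 only. preload requests
# inclusion in browser preload lists, which is slow to reverse; keep both
# flags only once every subdomain has working TLS.
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";

# Without the "always" parameter nginx adds these headers to success and
# redirect responses only, not to error pages.
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;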
答案 0 :(得分:0)
就我而言，我需要完全删除 Apache，因为我的配置使用的是 nginx。
# Stop the running Apache service first (presumably it was occupying the
# ports that nginx is configured to listen on).
sudo service apache2 stop

# Remove the Apache packages together with their packaged configuration.
sudo apt-get purge \
  apache2 \
  apache2-utils \
  apache2.2-bin \
  apache2-common

# Drop dependencies that were installed only for the purged packages.
sudo apt-get autoremove

# Delete whatever is left under /etc/apache2. This cannot be undone: copy out
# any virtual-host definitions or key material you still need beforehand.
sudo rm -rf /etc/apache2