我有一个运行nginx的VPS服务器,也有一个在端口8000上运行的节点应用程序。nginx服务器容纳了我的PHP应用程序,并且在默认的Web服务器端口上运行良好。
我有一个指向服务器ip的自定义domainame。
我已经安装了加密功能,可以处理我的https流量,它适用于我的php应用程序。
我必须在端口8080上捕获https流量,并将请求转发到端口8000上的我的节点应用程序。
我已经尝试了大多数东西stackoverflow。我不知道我在做什么错。
下面是我的nginx服务器块外观的副本。
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/repairspots.org/fullchain.pem; # managed$
ssl_certificate_key /etc/letsencrypt/live/repairspots.org/privkey.pem; # manag$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
// i need to get this portion right
server {
listen [::]:8080 ssl ipv6only=on; # managed by Certbot
listen 8080 ssl;
server_name 0.0.0.0;
ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed$
ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # manag$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
error_page 497 https://0.0.0.0:8080$request_uri;
# pass requests to port 8000 where our other node server is running
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://0.0.0.0:8000;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
答案 0 :(得分:0)
我可以通过以下解决此问题。
我创建了/etc/nginx/conf.d/proxy.conf并将其粘贴在下面的服务器块中。
server {
listen 8080 ssl;
listen [::]:8080 ssl ipv6only=on;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed$
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # manag$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
error_page 497 https://$host:$server_port$request_uri;#enforces https redirect on http traffic
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_ssl_session_reuse off;
proxy_set_header X-Forwarded-Ssl on; #needed incase redirects comes from http
proxy_set_header X-NginX-Proxy true;
rewrite ^/?(.*) /$1 break;
proxy_pass http://127.0.0.1:8000; #node server
proxy_redirect off;
}
}
这是我以前根本没有做过的一件事。您需要在您正在监听的端口上接受互联网流量。使用端口号内联运行以下命令。
sudo iptables -A INPUT -p tcp --dport 9000 -j ACCEPT