Nginx服务器将自定义端口上的请求转发到节点应用

时间:2018-07-14 01:52:12

标签: node.js ssl nginx reverse-proxy

我有一个运行nginx的VPS服务器,也有一个在端口8000上运行的节点应用程序。nginx服务器容纳了我的PHP应用程序,并且在默认的Web服务器端口上运行良好。

我有一个指向服务器ip的自定义domainame。

我已经安装了加密功能,可以处理我的https流量,它适用于我的php应用程序。

我必须在端口8080上捕获https流量,并将请求转发到端口8000上的我的节点应用程序。

我已经尝试了大多数东西stackoverflow。我不知道我在做什么错。

下面是我的nginx服务器块外观的副本。

 server {
       listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/repairspots.org/fullchain.pem; # managed$
    ssl_certificate_key /etc/letsencrypt/live/repairspots.org/privkey.pem; # manag$
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
    }




// i need to get this portion right

server {
  listen [::]:8080 ssl ipv6only=on; # managed by Certbot
  listen 8080 ssl;
  server_name 0.0.0.0;

  ssl_certificate /etc/letsencrypt/live/example.org/fullchain.pem; # managed$
  ssl_certificate_key /etc/letsencrypt/live/example.org/privkey.pem; # manag$
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  error_page  497 https://0.0.0.0:8080$request_uri;

  # pass requests to port 8000 where our other node server is running
  location / {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-NginX-Proxy true;
    proxy_pass http://0.0.0.0:8000;
    proxy_ssl_session_reuse off;
    proxy_set_header Host $http_host;
    proxy_cache_bypass $http_upgrade;
    proxy_redirect off;
  }
}

1 个答案:

答案 0 :(得分:0)

我可以通过以下解决此问题。

我创建了/etc/nginx/conf.d/proxy.conf并将其粘贴在下面的服务器块中。

server {
    listen 8080 ssl;
    listen [::]:8080 ssl ipv6only=on;

  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed$
  ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # manag$
  include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
  ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

  error_page 497  https://$host:$server_port$request_uri;#enforces https redirect on http traffic

   location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $http_host;
        proxy_ssl_session_reuse off;
        proxy_set_header X-Forwarded-Ssl on; #needed incase redirects comes from http
        proxy_set_header X-NginX-Proxy true;
        rewrite ^/?(.*) /$1 break;
        proxy_pass http://127.0.0.1:8000; #node server
        proxy_redirect off;

    }


}

这是我以前根本没有做过的一件事。您需要在您正在监听的端口上接受互联网流量。使用端口号内联运行以下命令。

sudo iptables -A INPUT -p tcp --dport 9000 -j ACCEPT