我一直试图为我的网站设置SSL无济于事。我在Ubuntu 18.04上使用NGINX作为两个NodeJS Express Web服务器的反向代理。我在these instructions之后使用了Certbot。但是,当尝试通过HTTPS访问我的站点时,出现“无法访问站点” /“花费太长时间来响应”错误。
这是我在/etc/nginx/sites-available
中的NGINX配置:
server {
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name MYURL.com www.MYURL.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/MYURL.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/MYURL.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
access_log /var/log/nginx/MYURL.access.log;
error_log /var/log/nginx/MYURL.error.log;
client_max_body_size 50M;
location / {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass https://localhost:3001;
}
}
当我将listen [::]:443 ssl
和listen 443 ssl
行替换为listen 80;
并尝试使用HTTP访问该站点时,它工作正常。
知道可能是什么问题吗?
编辑:另外,我觉得我应该提到我的UFW状态为22 / tcp(LIMIT),OpenSSH(ALLOW)和Nginx Full(ALLOW)以及它们的v6版本
答案 0 :(得分:0)
事实证明,DigitalOcean防火墙不允许HTTPS连接。我允许使用HTTPS,并将proxy_pass https://localhost:3001;
切换为http://
,现在一切正常!