Certbot / LetsEncrypt HTTPS for NGINX反向代理不起作用

时间:2019-03-02 23:22:47

标签: ssl nginx https

我一直试图为我的网站设置SSL无济于事。我在Ubuntu 18.04上使用NGINX作为两个NodeJS Express Web服务器的反向代理。我在these instructions之后使用了Certbot。但是,当尝试通过HTTPS访问我的站点时,出现“无法访问站点” /“花费太长时间来响应”错误。

这是我在/etc/nginx/sites-available中的NGINX配置:

server {

    listen [::]:443 ssl; # managed by Certbot
    listen 443 ssl;  # managed by Certbot
    server_name MYURL.com www.MYURL.com;

    ssl on;

    ssl_certificate /etc/letsencrypt/live/MYURL.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/MYURL.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    access_log /var/log/nginx/MYURL.access.log;
    error_log /var/log/nginx/MYURL.error.log;

    client_max_body_size 50M;

    location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;

            proxy_pass https://localhost:3001;
    }
}

当我将listen [::]:443 ssllisten 443 ssl行替换为listen 80;并尝试使用HTTP访问该站点时,它工作正常。

知道可能是什么问题吗?


编辑:另外,我觉得我应该提到我的UFW状态为22 / tcp(LIMIT),OpenSSH(ALLOW)和Nginx Full(ALLOW)以及它们的v6版本

1 个答案:

答案 0 :(得分:0)

事实证明,DigitalOcean防火墙不允许HTTPS连接。我允许使用HTTPS,并将proxy_pass https://localhost:3001;切换为http://,现在一切正常!