我已经使用Certbot Nginx将我的Nginx安装到Ubuntu 18.04。我还使用Certbot来获取LetsEncrypt证书。
我使用基本配置,例如使用tcp 80和433,因此可以同时获取http和https。大多数配置由Certbot完成。
我的域为http://example.com,并提供静态页面。 Bu我也有一个文件夹,可以用http://example.com/myfolder来命名。
安装nginx之后,我尝试对本地rest_api服务使用proxy_pass和https。
如果我输入http://127.0.0.1:1024/myfolder,那么我可以看到rest-api的工作原理。
如果我输入https://example.com/myfolder,则不会激活n proxy_pass。 mystic.com已经注册,并且可以工作8个月以上。所有dns配置均正常运行。另外,nginx letsencrypt也可以正常工作。 1周前,我的证书会自动更新(每90天)。
我的Nginx配置如下。我的nginx版本是1.15.10。
try_files $uri $uri/ =404;以显示var/www/html/index.html? server {
charset UTF-8;
listen 80 ;
listen [::]:80 ;
server_name example.com; # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
return 404; # managed by Certbot
}
server {
charset UTF-8;
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name example.com; # managed by Certbot
ssl_certificate /mypath/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /mypath/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri $uri/ =404;
proxy_pass http://127.0.0.1:1024/;
}
}
答案 0 :(得分:3)
尝试像这样更改您的基本Nginx配置,然后从certbot安装LetsEncrypt证书:
server {
listen 80;
server_name example.com;
location / {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://127.0.0.1:1024";
}
location /admin {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://192.168.2.1:8080";
}
location /user {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass "http://192.168.2.1:1024";
}
}
它对于certbot来说非常适合我。不要忘记在测试配置之前重新加载nginx服务。