Nginx + Node + DigitalOcean：连接到上游时，connect（）失败（111：连接被拒绝）

Question

我正在尝试使用Nginx将所有请求转发到我的域（sofy.site）到运行在我的Droplet上的Node应用程序。我还想使用SSL，因为由于某些限制因素，该应用只能在https上运行。

过去3-4个小时，我一直在执行此任务，但我不知道自己在做什么错。如果我在某处遇到某个问题，则可以解决该问题，但会提出另一个问题。任何帮助，将不胜感激。

这是我的服务器配置： 注意：我没有使用Nginx配置文件，而是在/ etc / nginx / sites-available /中有一个名为“ node”的文件，该文件已与/ etc下的同名文件链接/ nginx / sites-enabled/。

upstream sofy {
    server 127.0.0.1:3000;
}

server {
     listen 80;
     listen 433 ssl;

     server_name sofy.site;
     return 302 $scheme://www.sofy.site/$request_uri;
}

server {
    listen 80;
    listen 443 ssl; # managed by Certbot

    server_name www.sofy.site;  

    ssl_certificate /etc/letsencrypt/live/sofy.site/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sofy.site/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

    # pass the request to the node.js server with the correct headers
    # and much more can be added, see nginx config options

    location / {
      proxy_set_header X-Forwarded-Proto https;
      proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
      proxy_set_header Host $http_host;
      proxy_redirect off;
      proxy_pass http://sofy;
      proxy_ssl_server_name on;
    }
}

当我尝试打开页面https://sofy.site时，显示错误“ 502 Bad gateway”（错误的502错误网关），并显示另一个文字“ nginx / 1.14.0（Ubuntu）”

这是/var/log/nginx/error.log的样子：

2019/08/04 15:54:35 [error] 27684#27684: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 183.87.41.80, server: sofy.site, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:3000/favicon.ico", host: "www.sofy.site", referrer: "https://www.sofy.site/"
2019/08/04 15:55:04 [error] 27684#27684: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 183.87.41.80, server: sofy.site, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:3000/", host: "www.sofy.site"
2019/08/04 15:55:05 [error] 27684#27684: *28 connect() failed (111: Connection refused) while connecting to upstream, client: 183.87.41.80, server: sofy.site, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:3000/favicon.ico", host: "www.sofy.site", referrer: "https://www.sofy.site/"
2019/08/04 15:56:22 [error] 27684#27684: *35 connect() failed (111: Connection refused) while connecting to upstream, client: 183.87.41.80, server: sofy.site, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:3000/", host: "www.sofy.site"
2019/08/04 15:56:22 [error] 27684#27684: *35 connect() failed (111: Connection refused) while connecting to upstream, client: 183.87.41.80, server: sofy.site, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:3000/favicon.ico", host: "www.sofy.site", referrer: "https://www.sofy.site/"
2019/08/04 15:56:22 [error] 27684#27684: *35 connect() failed (111: Connection refused) while connecting to upstream, client: 183.87.41.80, server: sofy.site, request: "GET / HTTP/1.1", upstream: "https://127.0.0.1:3000/", host: "www.sofy.site"
2019/08/04 15:56:23 [error] 27684#27684: *35 connect() failed (111: Connection refused) while connecting to upstream, client: 183.87.41.80, server: sofy.site, request: "GET /favicon.ico HTTP/1.1", upstream: "https://127.0.0.1:3000/favicon.ico", host: "www.sofy.site", referrer: "https://www.sofy.site/"

任何帮助将不胜感激，谢谢

Answer 1

我能够通过将其用作配置文件“节点”来修复它：

upstream sofy {
    server 127.0.0.1:3000
}

server {
    listen 80;
    listen 443 ssl; # managed by Certbot

    server_name sofy.site www.sofy.site;  

    # pass the request to the node.js server with the correct headers
    # and much more can be added, see nginx config options

    location / {
     proxy_pass http://sofy;
     proxy_ssl_session_reuse off;
    }

    ssl_certificate /etc/letsencrypt/live/sofy.site/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/sofy.site/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}