我已经看到了大量有关反向代理和Nginx的信息,但是我对如何实现有些迷茫。我正在运行两个单独的EC2实例(前端和后端,后端运行pm2)。我在前面使用LetsEncrypt建立了SSL,由于混合内容,它不允许我打后端。我该怎么办?
nginx.conf
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name domain;
location / {}
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name localhost;
root /insert/root/here;
ssl_certificate "/path/to/cert";
ssl_certificate_key "/path/to/key";
ssl_session_cache shared:SSL:1m;
ssl_session_timeout 10m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers HIGH:SEED:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!RSAPSK:!aDH:!aECDH:!EDH-DSS-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!SRP;
ssl_prefer_server_ciphers on;
include /etc/nginx/default.d/*.conf;
location / {
}
error_page 404 /404.html;
location = /40x.html {
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
}
答案 0 :(得分:0)
浏览器似乎抱怨您的html内容,因为它具有对外部资源(例如javascript,字体等)的硬编码“ http://”引用。 这并不意味着由于此“混合内容”问题而无法到达后端。
我在配置中没有看到proxy_pass(或fastcgi_pass)指令(它将指令传递给上游后端服务器),所以这可能是您无法到达后端的真正原因。
您的配置应如下所示:
server {
listen 443 ssl;
root /here/are/your/static/files/; # here you can place static html, css, js etc files from your backend to offload backend from serving static files - nginx will take care of them.
...
location / {
#this means that nginx will forward requests to backend server in case request does not match local static file.
try_files $uri $uri/ @backend;
}
location @backend {
#....
proxy_pass http://backend-server-ip-address:backend-port
}
}