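Nginx as a reverse proxy for another server, with SSL handled on the destination server

Time: 2020-09-21 20:08:04

Tags: nginx nginx-reverse-proxy

This is a bit tricky to configure correctly.

So I have an Nginx server acting as a reverse proxy for another server. I managed to run Let's Encrypt on the "other server", which generated the certificate successfully. However, when I enter the hostname in the browser, I see the error message: "This site can't provide a secure connection. ERR_SSL_PROTOCOL_ERROR".

Not sure what I have misconfigured here.

Here is the config for the Nginx proxy: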

server {
    # http
    listen 80;
    # https
    listen 443;

    server_name other-server.example.com;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://{Static Internal IP}:$server_port;
    }
}

Here is the Nginx config on the "other server":

server {
      server_name other-server.example.com;

      root /usr/share/nginx/html/;

      location ~ /.well-known/acme-challenge {
         allow all;
      }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/other-server.example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/other-server.example.com/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot


    add_header Strict-Transport-Security "max-age=31536000" always; # managed by Certbot


    ssl_trusted_certificate /etc/letsencrypt/live/other-server.example.com/chain.pem; # managed by Certbot
    ssl_stapling on; # managed by Certbot
    ssl_stapling_verify on; # managed by Certbot

}

server {
    if ($host = other-server.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


      listen 80;
      listen [::]:80;
      server_name other-server.example.com;

      root /usr/share/nginx/html/;

      location ~ /.well-known/acme-challenge {
         allow all;
      }

}

0 answers:

No answers
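In the proxy config above, `listen 443;` has no `ssl` parameter, so the proxy speaks plain HTTP on port 443 (which a browser reports as ERR_SSL_PROTOCOL_ERROR), and `proxy_pass http://...:$server_port` would send cleartext to the backend's TLS port. The following is an added example, not part of the original question, of one way to keep the certificate on the "other server": relay port 443 as raw TCP so the TLS handshake happens end to end with the backend. It assumes nginx on the proxy includes the stream module, that these blocks sit at the top level of `nginx.conf`, and that `192.0.2.10` is a placeholder for the static internal IP.

```nginx
# Added example for the proxy host; 192.0.2.10 is a placeholder address.

# Layer-4 passthrough: TLS bytes are relayed untouched, so the browser
# negotiates with the backend, which holds the Let's Encrypt certificate
# and private key. The proxy never sees plaintext for HTTPS traffic.
stream {
    server {
        listen 443;                  # no "ssl" here: the proxy does not decrypt
        proxy_pass 192.0.2.10:443;   # backend's "listen 443 ssl" server block
        proxy_connect_timeout 5s;
    }
}

# Port 80 stays an ordinary HTTP reverse proxy. Requests reach the backend's
# port-80 server block, which answers with its 301 redirect to https.
http {
    server {
        listen 80;
        server_name other-server.example.com;

        location / {
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://192.0.2.10:80;   # fixed port, scheme matches the listener
        }
    }
}
```

With passthrough the proxy cannot add `X-Real-IP` or `X-Forwarded-For` to HTTPS requests, so the backend logs the proxy's address unless PROXY protocol is enabled on both sides. The alternative is to terminate TLS on the proxy with its own certificate (`listen 443 ssl;`) and use `proxy_pass https://...` with `proxy_ssl_verify on;` toward the backend.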