Nginx HTTPS 失败，但 node.js https 工作

Question

Nginx http 工作正常，但 https 失败。所以，我建立了一个 nodejs https 服务器。它工作，这意味着操作系统（CentOS 6.8）是好的。

Nginx 有什么问题？

nginx -V

nginx version: nginx/1.14.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC) 
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=' -Wl,-E'

nginx.conf

user  www;
worker_processes  1;

events {
    worker_connections  1024;
}


http {
    include       mime.types;
    default_type  application/octet-stream;

    log_format  main  '$request_time $remote_addr $remote_user [$time_local] $http_host "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';


    sendfile        on;
    keepalive_timeout  65;

    gzip  on;

    include /etc/nginx/conf.d/*.conf;
}

website.com.conf

server {
    listen 80;
    listen 443 ssl http2;
    server_name website.com;
    ssl on;
    index index.html index.htm;

    ssl_certificate   certs/website.com/214523442680009.pem;
    ssl_certificate_key  certs/website.com/214523442680009.key;
ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;  

    root "/var/www/website/";


        access_log /var/log/nginx/website.com-access.log main;
        error_log  /var/log/nginx/website.com-error.log error;
}

奇怪的是没有任何日志，既没有访问也没有错误日志。似乎该请求甚至在到达 Nginx 之前就已被阻止。但这没有意义，因为 nodejs 服务器工作正常。

远程登录

vagrant@homestead:/htdocs$ telnet website.com 443
Trying xx.xx.xxx.x...
Connected to website.com.
Escape character is '^]'.
Connection closed by foreign host.

网络统计

[root@iZ23foxgunwZ ~]# netstat -nap | grep :443
tcp        0      0 0.0.0.0:443                 0.0.0.0:*                   LISTEN      9932/nginx  

nodejs 脚本

var https = require('https');
const fs = require('fs');

https.createServer({
host: 'deyuapi.com',   
key: fs.readFileSync('/etc/nginx/certs/website.com/214523442680009.key'),
  cert: fs.readFileSync('/etc/nginx/certs/website.com/214523442680009.pem')
}, function (request, response) {

    response.writeHead(200, {'Content-Type': 'text/plain'});

    response.end('Hello World\n');
}).listen(443);

这不是我第一次使用 Nginx 设置 ssl。但是这种情况让我很困惑。

任何建议将不胜感激。提前致谢。

Answer 1

你必须定义一个位置，这使得 nginx 作为反向代理工作

location / {
        proxy_pass http://your_server_ip:your_port;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }