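【Question title】: Node.js Nginx LetsEncrypt Bad Gateway
【Posted】: 2016-02-27 14:29:11
【Question description】:

I'm setting up a Node.js application with nginx and LetsEncrypt.

I set it up, but every time I try to access it, it gives me a 502 Bad Gateway error.

Node.js doesn't show anything, so I figured it isn't even reaching the application; I checked the nginx logs and saw this...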

2016/02/27 09:12:11 [error] 15706#0: OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status, responder: ocsp.int-x1.letsencrypt.org
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"

nginx config:

upstream app_gamepit {
        server 127.0.0.1:3000;
}

# the nginx server instance
server {
    listen 443 ssl;
    server_name gamepit.nl;
    access_log /var/log/nginx/gamepit.log;

    ssl on;
    gzip on;

    ssl_certificate /etc/letsencrypt/live/gamepit.nl/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/gamepit.nl/privkey.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/gamepit.nl/fullchain.pem;

    # pass the request to the node.js server with the correct headers
    # and much more can be added, see nginx config options
    location / {
      proxy_pass https://app_gamepit/;
      proxy_redirect off;
    }
}

server {
    listen 443;
    server_name www.gamepit.nl;
    rewrite ^/(.*) https://gamepit.nl/$1 permanent;
}

Node.js application (very small, since I'm testing...)

var fs = require('fs');
var https = require('https');

var privateKey  = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/privkey.pem', 'utf8');
var certificate = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/fullchain.pem', 'utf8');
var ca = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/chain.pem', 'utf8');

var credentials = {key: privateKey, cert: certificate, ca: ca};

var app = require('express')();

app.use(function(req, res, next) {
        console.log('site call!', req.originalUrl);
        next();
});

app.get('/', function(req, res) {
        res.send('Hello World');
        res.end();
});

var https = https.createServer(credentials, app);

https.listen(3000,'127.0.0.1',  function() {
        console.log('running!');
});

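【Question comments】:

  • Why put the key in both nginx and node?
  • Because some tutorial told me to :P I can check whether doing it that way makes a difference, give me a moment.
  • When I remove the lines about SSL, nginx gives me an SSL protocol error, so NGINX needs to know about the SSL certificates, and node.js needs them to encrypt, that's what I thought :)
  • You can put the key/crt in nginx and then proxy requests to Node (in plain old http). I recommend this because I think encryption/caching/etc. sit at a lower level than application logic :) However, I have a simple https Node application that runs just fine without nginx.

Tags: node.js ssl express nginx lets-encrypt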


【Solution 1】:

I found the problem... there is an issue about it on GitHub

Instead of

ssl_certificate /etc/letsencrypt/live/domain.com/cert.pem;

you should use

ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;

I don't know why, but it works now.

【Comments】:

  • Because it contains the certificate and the chain back to the CA.
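
A way to check for the mistake fixed above, as an added example that is not part of the original post: it finds each `ssl_certificate` path in an nginx config and counts the certificates in that file, since a count of 1 means only the leaf is served without the chain. The function names are hypothetical, and the PEM blocks are constructed placeholders rather than real certificates.

```javascript
'use strict';
// Added example (not from the original post): report how many certificates
// each file named by an nginx `ssl_certificate` directive contains.
const fs = require('fs');

// Return every path given to `ssl_certificate`. The directive name must be
// followed by whitespace, so ssl_certificate_key and ssl_trusted_certificate
// do not match; commented-out lines are skipped because they start with '#'.
function sslCertificatePaths(nginxConf) {
  const paths = [];
  for (const line of nginxConf.split('\n')) {
    const m = /^\s*ssl_certificate\s+([^;\s]+)\s*;/.exec(line);
    if (m) paths.push(m[1]);
  }
  return paths;
}

// Count PEM CERTIFICATE blocks in a bundle.
function countCertificates(pemText) {
  const re = /-----BEGIN CERTIFICATE-----[\s\S]*?-----END CERTIFICATE-----/g;
  return (pemText.match(re) || []).length;
}

// readFile is injectable so the check can run against in-memory samples.
function auditConfig(nginxConf, readFile = (p) => fs.readFileSync(p, 'utf8')) {
  return sslCertificatePaths(nginxConf).map((path) => {
    const count = countCertificates(readFile(path));
    // Fewer than two blocks: leaf only, no intermediate chain in the file.
    return { path, count, chainIncluded: count >= 2 };
  });
}

// Constructed sample data: placeholder bodies, not real certificates.
const block = (label) =>
  `-----BEGIN CERTIFICATE-----\n${label}\n-----END CERTIFICATE-----\n`;
const sampleFiles = {
  '/etc/letsencrypt/live/domain.com/cert.pem': block('LEAF'),
  '/etc/letsencrypt/live/domain.com/fullchain.pem':
    block('LEAF') + block('INTERMEDIATE'),
};
const before =
  'ssl_certificate /etc/letsencrypt/live/domain.com/cert.pem;\n' +
  'ssl_certificate_key /etc/letsencrypt/live/domain.com/privkey.pem;';
const after = before.replace('cert.pem', 'fullchain.pem');

console.log(auditConfig(before, (p) => sampleFiles[p]));
console.log(auditConfig(after, (p) => sampleFiles[p]));
```

Called with only the config text, `auditConfig` reads the referenced files from disk instead of the in-memory samples.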