【发布时间】:2017-05-04 23:33:56
【问题描述】:
我想将example.com 指向localhost:3000 和api.example.com 指向localhost:3010。按照this 和this 教程,我设法让它工作,但它不是很安全。你们知道如何将其仅限于 https 吗?如果我转到http://example.com,Chrome 中的 URL 会显示“不安全”。
这是我的默认站点 Nginx 配置(/etc/nginx/sites-enabled/default 中的那个):
server {
# HTTP — redirect all traffic to HTTPS
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:443 ssl http2;
}
在 /etc/nginx/conf.d/example.com.conf 中创建一个配置文件
server {
server_name example.com;
# Use SSL certificates from Letsencrypt
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# Include SSL config from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
在 /etc/nginx/conf.d/api.example.com.conf 中创建另一个配置文件
server {
server_name example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3010/;
proxy_ssl_session_reuse off;
proxy_set_header Host $http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
【问题讨论】:
-
你能详细说明你的 nginx 服务器的当前行为吗?
-
使用
nginx -T测试配置。您似乎有两个缺少server_name指令的服务器块。