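I have an nginx reverse proxy server (running on a VM). I need it to forward 443 traffic from a subdomain to another VM running Jitsi (which requires its own nginx installation with SSL certificate validation to work).
I'm confused about how this is supposed to work. I've been reading for the past week, and I'm afraid it's beyond my understanding unless someone can explain it to me. I'd be very grateful!
https://meet.example.com --> dynamic DNS domain --> nginx VM --> Jitsi VM, also running nginx.
I'm not clear on which machine the certificates should be set up on. Both VMs? Or only one or the other?
I need to set up port 80 forwarding to try to validate the certificate. Below is everything I've been playing with. I feel like I'm in over my head!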

    server {
        listen 80;
        server_name example.com www.example.com;
        include snippets/letsencrypt.conf;
        return 301 https://$host$request_uri;
    }

    server {
        listen 80;
        server_name meet.example.com;
        location / {
            proxy_pass http://192.168.1.33; # Jitsi server w/ nginx
        }
    }

    server {
        listen 443 ssl http2;
        server_name www.example.com;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        include snippets/ssl.conf;
        include snippets/letsencrypt.conf;
        return 301 https://example.com$request_uri;
    }

    server {
        listen 443 ssl http2;
        server_name example.com;
        ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
        ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
        include snippets/ssl.conf;
        include snippets/letsencrypt.conf;
        location / {
            proxy_pass https://192.168.1.43:443; # this goes someplace else
        }
    }

    server {
        listen 443;
        server_name meet.example.com;
        location / {
            proxy_pass https://192.168.1.33; # Jitsi server w/ nginx
        }
    }

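Answer 1
I have a setup similar to yours that I finally got working.
I have two VMs, one of which (the Web VM) acts as a reverse proxy for the Jitsi VM.
Here is what I have on my Web VM:
Web VM: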

    server {
        listen 443 ssl;
        server_name jitsimeet.xxx.xxx;
        ssl_certificate /usr/local/etc/letsencrypt/live/xxx.com/fullchain.pem;
        ssl_certificate_key /usr/local/etc/letsencrypt/live/xxx.com/privkey.pem;
        ssl_session_cache builtin:1000 shared:SSL:10m;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_prefer_server_ciphers on;
        access_log /var/log/nginx/jitsimeet.access.log;
        client_max_body_size 50m;
        location / {
            #insufficient
            #proxy_pass https://192.168.xxx.xxx:4444;
            #proxy_set_header X-Forwarded-For $remote_addr;
            #Courtesy of: https://mangolassi.it/topic/18400/anyone-using-jitsi-behind-nginx
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_pass https://192.168.xxx.xxx:4444/;
            proxy_read_timeout 90;
        }
    }

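The port is 4444 because, if you look at the Jitsi nginx installation, it probably has the following config file:

    /etc/nginx/sites-available/jitsimeet.xxx.xxx.conf

which shows that it is listening on port 4444:

    server {
        listen 4444 ssl http2;
        listen [::]:4444 ssl http2;
        server_name jitsimeet.xxx.xxx;
        ....

Make sure the firewall on the Jitsi system has port 4444 open (this one stumped me for a while):

    ufw allow 4444

If that fails, try some tests with curl:

    curl --insecure https://192.168.xxx.xxx:443

Confirm that you get the Jitsi page or some useful error message.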
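
Added example (not part of the question or the answer above): one way to lay out the reverse-proxy VM's nginx for `meet.example.com`, showing that the publicly trusted certificate and the port 80 ACME challenge live on the proxy, while the Jitsi VM's own certificate is only ever presented to the proxy. The certificate paths, the `/var/www/letsencrypt` webroot, the backend CA file and the WebSocket headers are assumptions; the hostname and backend IP come from the question and port 4444 from the answer.

```nginx
# Added example for the reverse-proxy VM; not the asker's or the answerer's file.

# Port 80: answer ACME HTTP-01 challenges locally, redirect everything else.
server {
    listen 80;
    server_name meet.example.com;

    location ^~ /.well-known/acme-challenge/ {
        root /var/www/letsencrypt;              # assumed webroot
    }
    location / {
        return 301 https://$host$request_uri;
    }
}

# Port 443: browsers see this certificate, so it must be publicly trusted.
server {
    listen 443 ssl;
    server_name meet.example.com;

    ssl_certificate     /etc/letsencrypt/live/meet.example.com/fullchain.pem;  # assumed path
    ssl_certificate_key /etc/letsencrypt/live/meet.example.com/privkey.pem;    # assumed path
    ssl_protocols TLSv1.2 TLSv1.3;              # TLS 1.0/1.1 are deprecated (RFC 8996)

    location / {
        proxy_pass https://192.168.1.33:4444;   # Jitsi VM; port taken from the answer

        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;

        # WebSocket upgrade (assumption: this Jitsi install uses WebSockets)
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # nginx does not verify the upstream certificate unless told to.
        proxy_ssl_server_name on;               # send SNI to the backend
        proxy_ssl_name meet.example.com;        # name expected in the backend cert
        proxy_ssl_verify on;
        proxy_ssl_trusted_certificate /etc/nginx/jitsi-backend-ca.pem;  # assumed file
        proxy_read_timeout 90;
    }
}
```

Run `nginx -t` before reloading; if the Jitsi VM uses a self-signed certificate, the file given to `proxy_ssl_trusted_certificate` can be that certificate itself.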