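First, a word about my level: I am a Raspberry Pi and Linux experimenter, not an experienced network administrator. To get to this level I have used the web and some tutorials. I am learning, but sometimes I follow instructions without fully understanding them.
I have set up an NginX reverse proxy server (RPS) on my local network. There are multiple web servers on this network with an external IP address: two on Windows Server IIS (mydomain and mydomain3), one on Linux Apache (mydomain2), and one on a Pi running NginX (newdomain). The RPS works fine for the first three, but not for the NginX Pi web. The IIS and Apache webs do not have SSL certificates installed. However, the NginX server does have a LetsEncrypt SSL certificate installed.
When we access www.newdomain.xxx from the web using Firefox, we get a "Secure Connection Failed" message. Using Edge, we get "Hmmm… can't reach this page. The connection was reset." However, when accessing it directly from the local network, i.e. bypassing the RPS, it works fine and returns my PHP index page.
We suspect this may have something to do with the SSL certificate being on the NginX web server, but not on the RPS server???
Thanks for any thoughts/help on this problem....RDK
Here are the configuration files for the RPS and the NginX web server:
Reverse proxy server conf file: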
cat /etc/nginx/sites-enabled/rev-proxy.conf
proxy_http_version 1.1;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
log_format xxx '$remote_user $remote_port $remote_addr $host [$time_local] '
               '"$uri" $server_protocol $status $body_bytes_sent '
               '"$http_user_agent"';
upstream www.mydomain.xxx {
    server 10.0.45.121:80;
}
upstream www.mydomain2.xxx {
    server 10.0.45.52:80;
}
upstream www.mydomain3.xxx {
    server 10.0.45.121:80;
}
server {
    listen 80;
    server_name www.mydomain.xxx;
    access_log /var/log/nginx/x1_access.log xxx;
    location / {
        proxy_pass http://www.mydomain.xxx;
    }
}
server {
    listen 80;
    server_name www.mydomain2.xxx;
    access_log /var/log/nginx/x2_access.log xxx;
    location / {
        proxy_pass http://www.mydomain2.xxx;
    }
}
server {
    listen 80;
    server_name newdomain.xxx www.newdomain.xxx;
    access_log /var/log/nginx/xn_access.log xxx;
    location / {
        proxy_pass http://10.0.45.125:80;
    }
}
server {
    listen 80;
    server_name mydomain3.xxx www.mydomain3.xxx;
    access_log /var/log/nginx/x3_access.log xxx;
    location / {
        proxy_pass http://www.mydomain3.xxx;
    }
}
NewDomain NginX web server configuration file:
cat /etc/nginx/sites-enabled/newdomain.xxx
log_format xxx1 '$remote_user $remote_addr $host [$time_local] '
                '"$uri" $server_protocol $status $body_bytes_sent '
                '"$http_user_agent"';
server {
    server_name newdomain.xxx www.newdomain.xxx mail.newdomain.xxx;
    index index.php index.html index.htm;
    access_log /var/log/nginx/XL_EM_access.log xxx1;
    root /var/www/newdomain.xxx/public-html;
    include /etc/nginx/template/letsencrypt.conf;
    # Not passing files from this directory to php-fpm
    # serving them as static content instead
    location ^~ /uploads/ {}
    charset utf-8;
    fastcgi_intercept_errors on;
    error_log /var/log/nginx/error.log error;
    location / {
        try_files $uri $uri/ /index.php?$query_string;
    }
    location ~ \.php$ {
        try_files $uri /index.php =404;
        fastcgi_split_path_info ^(.+\.php)(/.+)$;
        fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/newdomain.xxx/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/newdomain.xxx/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
    if ($host = mail.newdomain.xxx) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = www.newdomain.xxx) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    if ($host = newdomain.xxx) {
        return 301 https://$host$request_uri;
    } # managed by Certbot
    access_log /var/log/nginx/XL_EM_access.log xxx1;
    error_log /var/log/nginx/error.log error;
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name newdomain.xxx www.newdomain.xxx mail.newdomain.xxx;
    return 404; # managed by Certbot
}
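
A static check over the two configs above, added here as an example and not part of the original post: it lists host names that the proxy serves only on plain HTTP while the backend answers plain HTTP for the same name with a redirect to https://. The embedded config strings are trimmed, constructed copies of the posted files, and the function names are hypothetical.

```python
import re

# Constructed, trimmed copies of the two configs in the post (sample input).
PROXY_CONF = """
server { listen 80; server_name www.mydomain.xxx;
  location / { proxy_pass http://www.mydomain.xxx; } }
server { listen 80; server_name newdomain.xxx www.newdomain.xxx;
  location / { proxy_pass http://10.0.45.125:80; } }
"""
BACKEND_CONF = """
server { server_name newdomain.xxx www.newdomain.xxx; listen 443 ssl; }
server {
  if ($host = www.newdomain.xxx) { return 301 https://$host$request_uri; }
  if ($host = newdomain.xxx) { return 301 https://$host$request_uri; }
  listen 80 default_server; server_name newdomain.xxx www.newdomain.xxx;
  return 404; }
"""

def server_blocks(conf):
    """Yield the body of each `server { ... }` block, found by brace matching."""
    for m in re.finditer(r'\bserver\s*\{', conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {'{': 1, '}': -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def summarize(block):
    """Return (server names, has a TLS listener on 443, hosts redirected to https)."""
    m = re.search(r'server_name\s+([^;]+);', block)
    names = set(m.group(1).split()) if m else set()
    tls = bool(re.search(r'listen\s+[^;]*\b443\b[^;]*\bssl\b', block))
    redirected = set(re.findall(
        r'if\s*\(\$host\s*=\s*(\S+?)\)\s*\{\s*return\s+30[12]\s+https://', block))
    return names, tls, redirected

def https_redirect_gaps(proxy_conf, backend_conf):
    """Names proxied over port 80 only, although the backend redirects them to https."""
    proxy_tls, proxy_http, redirected = set(), set(), set()
    for block in server_blocks(proxy_conf):
        names, tls, _ = summarize(block)
        (proxy_tls if tls else proxy_http).update(names)
    for block in server_blocks(backend_conf):
        redirected |= summarize(block)[2]
    return sorted((proxy_http - proxy_tls) & redirected)

if __name__ == "__main__":
    print(https_redirect_gaps(PROXY_CONF, BACKEND_CONF))
```

For the names it reports, a browser that follows the backend's 301 reconnects on port 443, where the posted proxy config has no `listen 443 ssl` server block and no certificate.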