目前,我正在使用一个 AWS Ubuntu EC2 实例,在端口 3000 上运行 Node.js 应用程序,并通过 Nginx 做反向代理。我一直在尝试启用 HTTPS 并添加 SSL 证书,并且成功了,nginx.conf 文件中没有任何错误。但是,我把主网站“example.com”重定向到了 AWS 服务器的公共 DNS,当我尝试加载“http://example.com”或“https://example.com”页面时,Firefox(我的测试浏览器)显示“无法连接”错误。此外,当我运行 `sudo nginx -t` 时,配置文件中没有语法错误;当我检查 `/var/log/nginx/error.log` 文件时,它是空的。下面是我当前的 nginx.conf 文件。
更新:我将 server_name 从 example.com 改为服务器的公共 DNS,这里称之为 amazonaws.com。现在,当我输入 https://amazonaws.com 时页面会加载,并且通过 ssllabs.com 检测该网站时会显示 SSL 证书。但是,当我输入 amazonaws.com 或 http://amazonaws.com 时,我仍像以前一样看到空白页。
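# Worker processes run as an unprivileged account. The original config used
# "user root;", which makes every request handler (including the TLS stack and
# proxy code parsing untrusted client input) run with full root privileges.
# www-data is the account the Ubuntu nginx package expects; the master process
# still starts as root and reads the certificate key before dropping privileges.
user www-data;
worker_processes 1;
error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
    # max_clients = worker_processes * worker_connections / 4
    worker_connections 1024;
}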
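http {
    ## Size Limits
    #client_body_buffer_size 8k;
    #client_header_buffer_size 1k;
    #client_max_body_size 1m;
    #large_client_header_buffers 4 4k/8k;

    # Timeouts, do not keep connections open longer than necessary to reduce
    # resource usage and deny Slowloris type attacks.
    # NOTE(review): 3s for the header/body timeouts is aggressive; slow mobile
    # clients or uploads to the Node app may see 408s - tune against real traffic.
    client_body_timeout 3s;    # maximum time between packets the client can pause when sending nginx any data
    client_header_timeout 3s;  # maximum time the client has to send the entire header to nginx
    keepalive_timeout 75s;     # timeout which a single keep-alive client connection will stay open
    send_timeout 9s;           # maximum time between packets nginx is allowed to pause when sending the client data
    # NOTE(review): the spdy_* directives (and the "spdy" listen parameter below)
    # only exist in nginx builds with the SPDY module; it was removed in 1.9.5 in
    # favour of http2, so drop them together when upgrading nginx.
    spdy_keepalive_timeout 123s;  # inactivity timeout after which the SPDY connection is closed
    spdy_recv_timeout 4s;         # timeout if nginx is currently expecting data from the client but nothing arrives

    include mime.types;
    default_type application/octet-stream;
    sendfile on;
    charset utf-8;
    ignore_invalid_headers on;
    max_ranges 0;
    msie_padding off;
    # open_file_cache only matters for files served from disk; everything here is
    # proxied, so these are harmless but have no effect on the Node backend.
    open_file_cache max=1000 inactive=2h;
    open_file_cache_errors on;
    open_file_cache_min_uses 1;
    open_file_cache_valid 1h;
    reset_timedout_connection on;
    server_tokens off;

    # Response compression. NOTE(review): compressing dynamic HTTPS responses that
    # reflect user input alongside secrets (CSRF tokens etc.) is the BREACH
    # pattern; confirm the Node app's pages are not affected before relying on this.
    gzip on;
    gzip_comp_level 6;
    gzip_vary on;
    gzip_min_length 1000;
    gzip_proxied any;
    gzip_types text/plain text/css application/json application/x-javascript text/xml application/xml application/xml+rss text/javascript;
    gzip_buffers 16 8k;

    # Security headers. add_header is NOT merged across levels: a server or
    # location block that declares its own add_header discards everything set
    # here, so these two are repeated in the HTTPS server block below.
    # X-XSS-Protection is ignored by current browsers; kept for legacy ones.
    add_header X-Content-Type-Options nosniff;
    add_header X-XSS-Protection "1; mode=block";

    ## Proxy settings. Make sure the "timeout"s are long enough to
    ## take account of over loaded back end servers or long running
    ## cgi scripts. If the proxy timeout is too short the nginx proxy
    ## might re-request the data over and over again, putting more
    ## load on the back end server.
    proxy_max_temp_file_size 0;
    proxy_connect_timeout 900;
    proxy_send_timeout 900;
    proxy_read_timeout 900;
    proxy_buffer_size 4k;
    proxy_buffers 4 32k;
    proxy_busy_buffers_size 64k;
    proxy_temp_file_write_size 64k;
    # NOTE(review): proxy_intercept_errors only changes anything for status codes
    # that have an error_page defined; none is defined in this file, so this is
    # presumably a leftover - confirm, or add the intended error_page entries.
    proxy_intercept_errors on;

    # backend applications
    upstream nodes {
        server 127.0.0.1:3000;
        keepalive 64;
    }

    # HSTS value is only non-empty for HTTPS requests; there is no default branch,
    # and add_header skips a header whose value is empty, so plain-HTTP responses
    # (which are 301s anyway) carry no HSTS header.
    map $scheme $hsts_header {
        https max-age=31536000;
    }

    # Plain HTTP: redirect everything to HTTPS on the same host. default_server
    # makes this the catch-all for port 80 explicitly (it already is implicitly,
    # being the only port-80 server), mirroring the 443 listener below.
    server {
        server_name amazonaws.com;
        listen 80 default_server;
        return 301 https://$host$request_uri;
    }

    server {
        server_name amazonaws.com;
        listen 443 ssl spdy default_server;

        ssl_certificate /etc/nginx/ssl/example_com.crt;
        ssl_certificate_key /etc/nginx/ssl/example_com.key;

        # enable session resumption to improve https performance
        ssl_session_cache shared:SSL:50m;
        ssl_session_timeout 5m;

        # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
        ssl_dhparam /etc/nginx/ssl/dhparam.pem;

        # Enables server-side protection from BEAST attacks, disables SSLv3 and ciphers chosen for forward secrecy and compatibility
        # NOTE(review): TLSv1 and TLSv1.1 are deprecated (RFC 8996) and the cipher
        # list still ends with non-forward-secret AES/3DES suites, which contradicts
        # the "forward secrecy" intent above. Restrict to TLSv1.2 (and TLSv1.3 on a
        # current build) and drop the *-DES-CBC3-* and plain AES*-SHA* suites once
        # the client population allows it.
        ssl_prefer_server_ciphers on;
        ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
        ssl_ciphers "ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA256:DHE-RSA-AES128-SHA256:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:ECDHE-RSA-DES-CBC3-SHA:EDH-RSA-DES-CBC3-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:DES-CBC3-SHA:HIGH:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4";

        # Enable OCSP stapling
        # NOTE(review): stapling needs a "resolver" directive so nginx can look up
        # the OCSP responder host; none is configured, so the staple is likely never
        # fetched (check the error log for "ssl_stapling" warnings). The trusted
        # chain file lives under ssl/private/ although it holds public certificates
        # only - verify the path is the intended CA chain, not the private key dir.
        ssl_stapling on;
        ssl_stapling_verify on;
        ssl_trusted_certificate /etc/nginx/ssl/private/example_com_full.crt;

        # Repeated from the http level: declaring add_header here replaces the
        # inherited set, so without these lines the HTTPS responses would lose
        # X-Content-Type-Options and X-XSS-Protection.
        add_header X-Content-Type-Options nosniff;
        add_header X-XSS-Protection "1; mode=block";
        # NOTE(review): "Cache-Control: public" plus expires 1h apply to EVERY
        # proxied response, including dynamic or per-user pages from the Node app;
        # a shared cache in front of this host could serve one user's response to
        # another. Scope these to static-asset locations unless the whole site is
        # genuinely public and static.
        add_header Cache-Control "public";
        # add_header is only applied to 2xx/3xx responses unless "always" is given
        # (nginx >= 1.7.5), so error responses carry no HSTS header as written.
        add_header Strict-Transport-Security $hsts_header;
        expires 1h;

        # everything else goes to backend node apps
        location / {
            proxy_pass http://nodes;
            proxy_redirect off;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header Host $host;
            proxy_set_header X-NginX-Proxy true;
            # Empty Connection header + HTTP/1.1 are required for the upstream
            # "keepalive 64" pool to actually reuse backend connections.
            proxy_set_header Connection "";
            proxy_http_version 1.1;
        }
    }
}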
答案1
您的 HTTP `server` 块缺少 `server_name` 指令,并且没有任何 `server` 块指定了 `default_server`。在这种情况下,nginx 的默认行为是匹配没有 `Host:` 标头的请求。将 `server_name` 指令添加到 HTTP `server` 块后,您的配置应该可以正常工作。