好的,我最近在我的服务器上设置了 Ubuntu (node.js) w. Nginx 和 SSL (letsencrypt),并且一切都运行正常。
我有 3 个 server{} 块。
将所有非 www 请求重定向到 www
一个将端口 80 上的所有调用重定向到 https://
设置一个反向代理来为 SSL 和节点提供服务,等等。
一切都按上述方式运行,但是,重启 ubuntu 后,只有第三个(服务 SSL)在运行,现在它完全忽略了第一个和第二个,尽管 nginx 运行没有错误(这就是第三个块起作用的原因)。因此,它不再将非 www 重定向到 www 和将 http 重定向到 https,但是,当我直接从 https 访问时,它运行正常。不确定发生了什么以及为什么重启后会发生这种情况。
以下是位于 /etc/nginx/sites-enabled/default 的代码:
# Redirect non-www to www
server {
server_name mydomain.com;
return 301 https://$host$request_uri;
}
# HTTP - redirect all traffic to HTTPS
server {
listen 80;
listen [::]:80 default_server ipv6only=on;
return 301 https://$host$request_uri;
}
# HTTPS - proxy all requests to the Node app
server {
# Enable HTTP/2
listen 443 ssl http2;
listen [::]:433 ssl http2;
server_name www.mydomain.com;
# Use the Let's Encrypt certificates
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://localhost:3000/;
proxy_ssl_session_reuse off;
proxy_set_header Host @http_host;
proxy_cache_bypass $http_upgrade;
proxy_redirect off;
}
}
答案1
# Redirect non-www to www
server {
server_name mydomain.com;
return 301 https://$host$request_uri;
}
您缺少listen此块中的 SSL 证书指令。它应该是这样的:
# Redirect non-www to www
server {
listen 443 ssl http2;
server_name mydomain.com;
# Use the Let's Encrypt certificates
ssl_certificate /etc/letsencrypt/live/www.mydomain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.mydomain.com/privkey.pem;
# Include the SSL configuration from cipherli.st
include snippets/ssl-params.conf;
return 301 https://$host$request_uri;
}
此外,在您的主服务器块中,您拥有:
listen 443 ssl http2;
listen [::]:433 ssl http2;
你应该有这些:
listen 443 ssl http2;
listen [::]:443 ssl http2 ipv6only=yes;