我已经为此挣扎了几个小时。我知道我在这里忽略了一些简单的东西,因为在我的本地主机上,一切都以 SSL 的形式运行,使用自产证书,而且在本地主机上运行完全正常。
问题是 - 当我通过 HTTPS 访问 url produktivv.com/api/testme 时,代理不起作用,也没有响应。但是,当我取消 SSL - 并通过 HTTP 访问时,它工作正常。
在堆栈上使用 docker-compose。我有一个 node.js 后端和一个 react 前端。我已经设置了 letsencrypt 证书等,并且确实加载了前端,但我似乎无法访问
使用此 NGINX 配置可以正常工作
upstream client {
server client:3000;
}
upstream api {
server api:5000;
}
server {
listen 80;
location / {
proxy_pass http://client;
}
location ~ /.well-known/acme-challenge {
allow all;
root /usr/share/nginx/html;
}
location /sockjs-node {
proxy_pass http://client;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api {
proxy_pass http://api;
}
location /auth {
proxy_pass http://api;
}
}
不适用于此配置。
upstream client {
server client:3000;
}
upstream api {
server api:5000;
}
server {
listen 80;
listen [::]:80;
server_name produktivv.com www.produktivv.com;
location / {
rewrite ^ https://$host$request_uri? permanent;
}
#for certbot challenges (renewal process)
location ~ /.well-known/acme-challenge {
allow all;
root /data/letsencrypt;
}
}
#https://produktivv.com
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name produktivv.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/produktivv.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/produktivv.com/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
return 301 https://www.produktivv.com$request_uri;
}
#https://www.produktivv.com
server {
server_name www.produktivv.com;
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_tokens off;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
ssl_certificate /etc/letsencrypt/live/produktivv.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/produktivv.com/privkey.pem;
location / {
proxy_pass http://client;
}
location /sockjs-node {
proxy_pass http://client;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
}
location /api {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://api;
}
location /auth {
proxy_set_header X-Forwarded-For $remote_addr;
proxy_set_header Host $http_host;
proxy_pass http://api;
}
}
Docker Compose 文件。