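Once upon a time, I had a nice setup of three Node.js, socket.io apps running on the same Ubuntu 16.4 LTS VPS server, with PM2 for process management and Nginx as a reverse proxy to three different subdomains.
I successfully installed SSL certificates from Let's Encrypt, and all subdomains are from the same domain (say exemple.com) and should redirect to https.
When I tried to add a fourth subdomain for a non-NodeJs application (PHP/laravel), the reverse proxy stopped passing requests, and unfortunately I have no backup of the old Nginx configuration.
Now I am trying to get my VPS back in harmony with the three old NodeJs applications, but it gives me a 504 Gateway Timeout from Nginx.
Here is the configuration that I think is the same as the old one:
This configuration works fine in chrome, but I am trying to access my API from mobile and desktop applications.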
# HTTP — redirect all traffic to HTTPS
server {
    listen 80;
    listen [::]:80 default_server ipv6only=on;
    return 301 https://$host$request_uri;
}
# App1 from port 3000 to sub1.exemple.com
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sub1.exemple.com;
    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/sub1.exemple.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub1.exemple.com/privkey.pem;
    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://localhost:3000/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
# App2 from port 4000 to sub2.exemple.com
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sub2.exemple.com;
    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/sub2.exemple.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub2.exemple.com/privkey.pem;
    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://localhost:4000/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
# App3 from port 5000 to sub3.exemple.com
server {
    # Enable HTTP/2
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name sub3.exemple.com;
    # Use the Let’s Encrypt certificates
    ssl_certificate /etc/letsencrypt/live/sub3.exemple.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/sub3.exemple.com/privkey.pem;
    # Include the SSL configuration from cipherli.st
    include snippets/ssl-params.conf;
    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-NginX-Proxy true;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_pass http://localhost:5000/;
        proxy_redirect off;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }
}
Update with more information.
Nginx, NodeJs and PM2 show no errors. The logs are clean. This is what I get when I inspect the requests.
It succeeds when the request is a socket request: ( wss:// & https:// )
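It fails for other requests:
I would also like to mention that SSL is installed fine for each subdomain, and the applications run stably on the local server without any problems.
Answer 1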
Try adding proxy_set_header X-Forwarded-Proto $scheme; inside the location block
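Answer 2
I found the problem, and it was not in Nginx, not in PM2, not in Nodejs, nor in SSL; it was all in the application I deployed. A problem with the Mongodb process kept it from starting automatically. So the application accepted the first request, because it did not need the database, and rejected the login request after a timeout because the application had crashed; but PM2 restarted it, and Nginx kept the subdomain open to requests.
Firefox: So if you pass by here, you may want to check your application environment. For example: SGBD, R/W permissions, APIs...
Hope this helps anyone with a similar problem.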
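
An added example, not part of the original thread: a check that reads the server_name and proxy_pass pairs out of an Nginx configuration like the one in the question and probes each upstream port together with the backing services the apps depend on. The sample configuration is a constructed, trimmed copy of the question's server blocks, and the MongoDB address (127.0.0.1:27017, the default port) is an assumption. In the situation described in Answer 2 the app ports can still answer because PM2 restarts them, while the database port shows as down.

```python
import re
import socket

# Constructed sample: trimmed server blocks modelled on the question's config.
SAMPLE_CONF = """
server {
    server_name sub1.exemple.com;
    location / {
        proxy_pass http://localhost:3000/;
    }
}
server {
    server_name sub2.exemple.com;
    location / {
        proxy_pass http://localhost:4000/;
    }
}
"""

def upstreams(conf):
    """Map each server_name to the (host, port) of its proxy_pass target."""
    result, name = {}, None
    for line in conf.splitlines():
        line = line.split("#", 1)[0]          # drop trailing comments
        m = re.search(r"server_name\s+(\S+?);", line)
        if m:
            name = m.group(1)
        m = re.search(r"proxy_pass\s+https?://([^:/;]+):(\d+)", line)
        if m and name:
            result[name] = (m.group(1), int(m.group(2)))
    return result

def port_open(host, port, timeout=2.0):
    """True if a TCP connection to host:port is accepted within the timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False

def check(conf, dependencies):
    """Reachability of every proxied upstream and of each backing service."""
    report = {n: port_open(h, p) for n, (h, p) in upstreams(conf).items()}
    for label, (host, port) in dependencies.items():
        report[label] = port_open(host, port)
    return report

if __name__ == "__main__":
    # Assumption: mongod listens on its default port on the same host.
    deps = {"mongodb": ("127.0.0.1", 27017)}
    for target, ok in check(SAMPLE_CONF, deps).items():
        print(f"{target:20} {'up' if ok else 'DOWN'}")
```

A closed dependency port next to open upstream ports points at the application environment rather than at the proxy.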