我安装了一个全新的 Ubuntu18 服务器,并通过 snap 安装了 Nextcloud 和 Rocketchat。
启用 letsencrypt 后,Nextcloud 监听端口 443,Rocketchat 监听端口 3000。
我希望两者都根据域名监听端口 443,而不必处理它们的证书。(https://rocketchat.example.com:443和https://nextcloud.example.com:443)。
当我搜索时,似乎我应该安装 apache 或 nginx 并执行代理服务器。但一切都直接与证书打交道,我想避免这种情况。可能吗?
答案1
这个问题给了我如何做的提示,然后我找到了以下 Apache 反向代理的配置文件:
nextcloud.conf:
LoadModule ssl_module modules/mod_ssl.so
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerName nextcloud.example.com
SSLProxyEngine On
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
SSLCertificateFile /var/snap/nextcloud/current/certs/live/fullchain.pem
SSLCertificateKeyFile /var/snap/nextcloud/current/certs/live/privkey.pem
Proxypass / https://localhost:44300/
ProxypassReverse / https://localhost:44300/
</VirtualHost>
</IfModule>
rocketchat.conf:
<VirtualHost _default_:443>
ServerName rocketchat.example.com
SSLCertificateFile /etc/letsencrypt/live/chat.ljp.upmc.fr/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/chat.ljp.upmc.fr/privkey.pem
<Location />
Order allow,deny
Allow from all
</Location>
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:3000/$1 [P,L]
RewriteCond %{HTTP:Upgrade} !=websocket [NC]
RewriteRule /(.*) http://localhost:3000/$1 [P,L]
ProxyPassReverse / http://localhost:3000/
</VirtualHost>