我正在尝试将我的域名重定向到另一个域名但将我的域名保留在 URL 中。
这是我的设置:
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
root /home/redacted/redacted/wwwdir;
# SSL
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/example.com/chain.pem;
# reverse proxy
location / {
proxy_pass https://example2.com/ID/;
}
# Block google
location = /robots.txt {
add_header Content-Type text/plain;
return 200 "User-agent: *\nDisallow: /\n";
}
}
# HTTP redirect
server {
listen 80;
listen [::]:80;
server_name .example.com;
location / {
return 301 https://example.com$request_uri;
}
}
但我在日志中看到如下错误:
2019/05/31 18:35:48 [crit] 14831#14831: *2415 SSL_do_handshake() failed (SSL: error:14090072:SSL routines:SSL3_GET_SERVER_CERTIFICATE:bad message type) while SSL handshaking to upstream, client: IP, server: example.com, request: "GET /templates/js/jquery.nestable.js HTTP/1.1", upstream: "https://IP:443/ID/templates/js/jquery.nestable.js", host: "example.com", referrer: "https://example.com/admin/index.php"
我认为这里的问题是upstream:"https://IP:443/ID/templates/js/jquery.nestable.js"
为什么这里使用IP:443?
答案1
当使用 https 连接到后端/上游时,Nginx 默认使用客户端证书身份验证:它希望你向其提供由上游证书签名的证书(请参阅https://docs.nginx.com/nginx/admin-guide/security-controls/securing-http-traffic-upstream/)。
据我所知,这不是您想要的;您只想保护 Nginx 与上游之间的通信,而不是对其进行身份验证/授权。
不久前我遇到过同样的问题;如果我没记错的话,在指令proxy_ssl_verify off;
旁边添加内容proxy_pass ...
就可以解决该问题。