我正在尝试使用 nginx 作为我的子域 subdomain.domain.com 的反向代理,通过 https 运行多个 python/gunicorn api。以下是我在 sites-enabled 中的服务器块文件 subdomain.domain.com。
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name subdomain.domain.com;
location /api/ {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:6000;
}
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8000/;
}
}
server {
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name subdomain.domain.com;
ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security “max-age=31536000”;
location / {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:8000/;
}
location /api/ {
proxy_set_header HOST $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://localhost:6000;
}
}
两个端点都通过 http 工作,但不是 https。我的服务器上的端口 443 已打开。
curl -i https://subdomain.domain.com超时。所以我怀疑这是 certbot 的问题。
先感谢您。
答案1
Steffen 是正确的,端口 443 在 IPTABLES 中打开,但在默认的 hetzner 防火墙上没有打开。非常感谢