Nginx 反向代理到 https 不起作用

Nginx 反向代理到 https 不起作用

我正在尝试使用 nginx 作为我的子域 subdomain.domain.com 的反向代理,通过 https 运行多个 python/gunicorn api。以下是我在 sites-enabled 中的服务器块文件 subdomain.domain.com。

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name subdomain.domain.com;

    location /api/ {
           proxy_set_header HOST $host;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_pass http://localhost:6000;
    }

    location / {
            proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8000/;
    }


    }

server {

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name subdomain.domain.com;
ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security “max-age=31536000”;

location / {
            proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_pass http://localhost:8000/;
    }

location /api/ {
           proxy_set_header HOST $host;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header Host      $host;

           proxy_pass http://localhost:6000;
    }

}

两个端点都通过 http 工作,但不是 https。我的服务器上的端口 443 已打开。

curl -i https://subdomain.domain.com超时。所以我怀疑这是 certbot 的问题。

先感谢您。

答案1

Steffen 是正确的,端口 443 在 IPTABLES 中打开,但在默认的 hetzner 防火墙上没有打开。非常感谢

相关内容