我有一个在 9000 端口运行的服务,并使用 letsencrypt 设置了 ssl。我想将所有请求从 http 转发到 https。
http://demo.mydomain.com -> https://demo.mydomain.com
http://www.demo.mydomain.com -> https://demo.mydomain.com
www.demo.mydomain.com -> https://demo.mydomain.com
这是我的配置
vi /etc/nginx/sites-available/default
server {
root /var/www/html;
server_name demo.mydomain.com;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/demo.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/demo.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = demo.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name demo.mydomain.com;
return 301 https://$host$request_uri;
#return 404; # managed by Certbot
}
# nginx -t
#systemctl 重新加载 nginx.service
# curl -Ihttps://demo.mydomain.com-> 有效
# curl -Ihttp://demo.mydomain.com-> 超时
我尝试过许多类似的解决方案,但都不起作用。谢谢任何线索。
答案1
这是我的愚蠢错误。端口 80 未在 aws 实例中打开。但是,这是我为在不同端口运行的服务强制从 http 重定向到 https 的有效配置。
server {
server_name demo.mydomain.com www.demo.mydomain.com;
location / {
proxy_pass http://127.0.0.1:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/demo.mydomain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/demo.mydomain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = demo.mydomain.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name demo.mydomain.com;
#return 404; # managed by Certbot
}
还要确保打开端口 80 和 443。干杯!