通过 certbot 插件为 NGINX 反向代理创建 certbot ssl 后,我的代理站点将重定向到 Web 服务器的内部 IP 而不是 FQDN。
这是 reverse-proxy.conf:
***server {
server_name mail.mycoolurl.com;
location / {
proxy_pass http://192.168.13.13;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mail.mycoolurl.com/fullchain.pem; # managed by Cert$
ssl_certificate_key /etc/letsencrypt/live/mail.mycoolurl.com/privkey.pem; # managed by Ce$
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = mail.mycoolurl.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80;
server_name mail.mycoolurl.com;
return 404; # managed by Certbot
}
所以如果我去http://mail.mycoolurl.com,我被重定向到https://192.168.13.13当他们走出去时,网络浏览器是无法触及的。