NGINX SSL / 路由

tag-icon tag-icon nginx ssl routing
NGINX SSL / 路由

该问题是我之前遇到的问题的延伸,当时我想将 IP 地址路由到启用 SSL 的主机名,现在它可以正常工作,但我注意到,在 chrome 浏览器上我可以看到安全挂锁图标并且它运行良好,但在 Firefox 和 EDGE 上,它会给我安全警告。

NGINX 文件中的以下代码是否需要一些额外的输入?

这是原始问题,供参考- 通过下面的 nginx 配置可以修复该问题。

我有自己的域名 example.com,因此当有人点击www.example.com 或 example.com 请求自动定向到 https://example.com- 运行正常。但是,当我使用节点应用程序的 IP 地址 1.2.3.4 时,它不会路由到https://example.com已启用 SSL。如果我使用 IP 地址,它会显示相同的页面,但没有挂锁图标。

那么我如何将请求路由到https://example.com当有人输入节点应用程序的 IP 地址时?

我的 Node JS APP 托管在 AWS EC2 实例上,我还使用 certbot (LetsEncrpyt) 安装了 ssl。这是我的 nginx 文件。

 events {
  worker_connections  4096;  ## Default: 1024
}

http {
 
 
  index    index.html index.htm;

  default_type application/octet-stream;
  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
  access_log   logs/access.log  main;
  sendfile     on;
  tcp_nopush   on;
  server_names_hash_bucket_size 128; # this seems to be required for some vhosts


# Settings for normal server listening on port 80
server {
  listen       80 default_server;
  listen       [::]:80 default_server;
  server_name  example.com www.example.com 1.2.3.4;
  root         /usr/share/nginx/html;
  # location / {
  # }
  # Redirect non-https traffic to https

  if ($host = 1.2.3.4){
    return 301 https://www.example.com;
  }

  if ($scheme != "https") {
    return 301 https://$host$request_uri;
  }
}
# Settings for a TLS enabled server.
server {
  listen       443 ssl http2 default_server;
  listen       [::]:443 ssl http2 default_server;
  server_name  example.com www.example.com 1.2.3.4;
  root         /usr/share/nginx/html;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;
ssl_dhparam "/etc/pki/nginx/dhparams.pem";

  if ($host = $server_addr){
    return 301 https://www.example.com;
  }


  location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}
}

这些是我刚刚隐藏域名后的 Firefox 截图

在此处输入图片描述

After clicking on the Error code : SSL_ERROR_BAD_CERT_DOMAIN, this is what I get 

https://www.example.com/

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISA152qQHyniTjMg0Mtz+8CCp1MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD    
D7Zz5D2d1ZMoxEjNrcLOCIzip2s/4qSpWua6HF48N4asHa81ZEggYeUtdXkBHSf8
75g2yCVPuu29aQtiA4vNl1gjf7YHsI8IwfkmgFNT924MLSiXJLT9iJfr2uO7mclH
Mm/FXWtrWa/DilLSloBCmeG200mBQW9/xs090OARt4sBnxoEgMcCAwEAAaOCAmIw
ggJeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUiojLfrHzxUcS4JxPnVMRh7x/XCIw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAXBgNVHREEEDAOggxjbGFzc2V0dGUuaW4wTAYDVR0gBEUwQzAIBgZngQwBAgEw
NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j
cnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDnEvKwN34aYvuOyQxh
hPHqezfLVh0RJlvz4PNL8kFUbgAAAXP75SGAAAAEAwBIMEYCIQDOjjKOgXdziPeX
QVliGqyHwLUTE1ZthYmPJuUI8mSiqgIhAIqgFEOYmqWNFWOyAYrX2kBYEdrrxwBT
BQBxXT98vQJ3AHYAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFz
++UhewAABAMARzBFAiEA7MEZ7J9bFOTVtMNZxD8ype1AEyefYWpM+XOuN7NM1koC
IBF4zOJEeJ5tP5vUGPZ4eYqmufGuT84wxleTwlg2zUBeMA0GCSqGSIb3DQEBCwUA
A4IBAQAAG8CxDGmt4zsoodG2o94/uFdx1keBPMUo1HjV1ZwMEMIEVlpS2UbYqwSj
eI88EKGYYFrUIAqpf6YI64F9qYXIOnd9+ckTtz4vjtgGdYV7s5j5+HaV7NPjDtkr
s+nMYtWVPGIXbUZCjItbfreGW86ayFf6uXESN6reiNpXJsmbEp7d8n/9gVoez2RZ
y8TOrdefZ5osN2MBwNSTmZ5YtF/7MJELWerghR3iJ2sNSp7/Y6rCcrBpULMFyoc0
4JGmgcy1T8Bk8eQOeCAg75qKWuWESylOZnxwi6c23SxdYZk2/EqYDL6fg3OJCmtK
C5JUytStqLcBEVj7AnC2daKJQyWq
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8    
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

对于 EDGE 浏览器,它显示“不安全:https://1.2.3.4”,其中 https 被删除。

但对于 chrome 来说,一切正常。没有错误或警告

相关内容