努力让我的主机在端口 80/HTTP 上工作并重定向到 HTTPS。当我给出一个 URL 时发现了这一点,他们说它不起作用,但注意到指向该网站的直接链接确实有效。我做了一些调查,看起来 nginx 没有监听端口 80 上的连接,除了本地主机。由于到目前为止我主要在这台机器上使用 Apache,所以我不太确定我需要更改什么(或者我可能在过去更改过什么)。
以下是示例主机文件,许多都相同:
default upgrade;
'' close;
}
upstream backend_kindalame.com {
server 127.0.0.1:9142 fail_timeout=0;
}
proxy_cache_path /var/cache/kindalame.com levels=1:2 keys_zone=CACHE_kindalame.com:1m inactive=7d max_size=1g;
server {
listen *:80;
listen [::]:80;
server_name kindalame.com;
root /usr/local/www/kindalame;
index index.php index.html index.htm;
location /.well-known/acme-challenge/ { allow all; }
location / { return 301 https://$host$request_uri; }
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name kindalame.com;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers HIGH:!MEDIUM:!LOW:!aNULL:!NULL:!SHA;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
# Uncomment these lines once you acquire a certificate:
ssl_certificate /etc/letsencrypt/live/kindalame.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/kindalame.com/privkey.pem;
keepalive_timeout 70;
sendfile on;
client_max_body_size 80m;
root /usr/local/www/kindalame;
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
add_header Strict-Transport-Security "max-age=31536000";
location / {
try_files $uri @proxy;
}
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
}
location ~ /\.ht {
deny all;
}
location ~ ^/(emoji|packs|system/accounts/avatars|system/media_attachments/files) {
add_header Cache-Control "public, max-age=31536000, immutable";
add_header Strict-Transport-Security "max-age=31536000";
try_files $uri @proxy;
}
location /sw.js {
add_header Cache-Control "public, max-age=0";
add_header Strict-Transport-Security "max-age=31536000";
try_files $uri @proxy;
}
location @proxy {
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
proxy_set_header Proxy "";
proxy_pass_header Server;
proxy_pass http://backend_kindalame.com;
proxy_buffering on;
proxy_redirect off;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_cache CACHE_kindalame.com;
proxy_cache_valid 200 7d;
proxy_cache_valid 410 24h;
proxy_cache_use_stale error timeout updating http_500 http_502 http_503 http_504;
add_header X-Cached $upstream_cache_status;
add_header Strict-Transport-Security "max-age=31536000";
tcp_nodelay on;
}
}
当我在远程机器上运行 CURL 时,我得到:
* Trying 45.79.203.143...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5620eda24f50)
* Connected to 4qq.org (45.79.203.143) port 80 (#0)
> GET / HTTP/1.1
> Host: 4qq.org
> User-Agent: curl/7.64.0
> Accept: */*
>
* Recv failure: Connection reset by peer
* Closing connection 0
curl: (56) Recv failure: Connection reset by peer
但尝试在本地主机上运行 curl 时,我期望外界会看到以下内容:
* Expire in 149999 ms for 3 (transfer 0x55cc3f0a7f50)
* Expire in 200 ms for 4 (transfer 0x55cc3f0a7f50)
* Connected to localhost (::1) port 80 (#0)
> GET / HTTP/1.1
> Host: localhost
> User-Agent: curl/7.64.0
> Accept: */*
>
< HTTP/1.1 301 Moved Permanently
< Server: nginx/1.14.2
< Date: Sun, 15 Nov 2020 12:38:07 GMT
< Content-Type: text/html
< Content-Length: 185
< Connection: keep-alive
< Location: https://localhost/
<
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/1.14.2</center>
</body>
</html>
* Connection #0 to host localhost left intact
NETSTAT 也是如此:
# netstat -l | grep http
tcp 0 0 0.0.0.0:https 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:http 0.0.0.0:* LISTEN
tcp6 0 0 [::]:https [::]:* LISTEN
tcp6 0 0 [::]:http [::]:* LISTEN
我刚刚让 Apache2 作为此主机上的反向代理运行,并将其移开以成为后端。HTTPS 工作正常,实际上非常好。我只是不明白为什么我的连接仅在端口 80 上重置,而不是像我预期的那样重定向到 443。
编辑添加 nginx Conf;
user www-data;
worker_processes auto;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
client_max_body_size 10000M;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
# gzip_vary on;
# gzip_proxied any;
# gzip_comp_level 6;
# gzip_buffers 16 8k;
# gzip_http_version 1.1;
# gzip_types text/plain text/css application/json application/javascript text/xml application/xml application/xml+rss text/javascript;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
#mail {
# # See sample authentication script at:
# # http://wiki.nginx.org/ImapAuthenticateWithApachePhpScript
#
# # auth_http localhost/auth.php;
# # pop3_capabilities "TOP" "USER";
# # imap_capabilities "IMAP4rev1" "UIDPLUS";
#
# server {
# listen localhost:110;
# protocol pop3;
# proxy on;
# }
#
# server {
# listen localhost:143;
# protocol imap;
# proxy on;
# }
#}
答案1
发现了问题。这是一个文本编辑器留下的差事文件(conf 文件末尾带有 ~)。
它包含以下内容:
server {
listen 80 ssl;
server_name saleshorse.stream;
return 301 https://$host$request_uri;
#error_page 497 https://$host:$server_port$request_uri;
location / {
proxy_buffering off;
proxy_pass http://localhost:9999;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header Host $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_redirect off;
}
注意端口 80 上的 SSL 标签有误
我很惊讶 nginx 包含了 ~ 文件......