我正在做一个项目https://modernamedia.no/ 我正在尝试做很多事情
- 将所有呼叫重定向至www.modernmedia.no到https://modernamedia.no/
- proxypass localhost:5000 到 api.modernamedia.no
- 将所有 http 调用重定向到 https。
最后一个可以工作。但是前两个不起作用。你可以自己测试一下,方法是:https://www.modernamedia.no/
我也很难通过 API 调用访问我的本地主机,但这可能是与代码相关的问题。
配置文件
server {
if ($host = www.modernamedia.no) {
return 301 https://modernamedia.no$request_uri;
} # managed by Certbot
if ($host = modernamedia.no) {
return 301 https://$host$request_uri;
} # managed by Certbot
# Redirect to the correct place, if needed
set $https_redirect 0;
if ($server_port = 80) { set $https_redirect 1; }
if ($host ~ '^www\.') { set $https_redirect 1; }
if ($https_redirect = 1) {
return 301 https://modernamedia.no$request_uri;
}
listen 80;
server_name modernamedia.no;
return 404; # managed by Certbot
}
server {
listen [::]:443 ssl http2 ipv6only=on;
listen 443 ssl http2; # managed by Certbot
server_name modernamedia.no;
location / {
proxy_pass http://localhost:4000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
ssl_certificate /etc/letsencrypt/live/modernamedia.no/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/modernamedia.no/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
# ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
listen 80;
server_name www.modernamedia.no;
return 301 https://modernamedia.no$request_uri;
}
server {
listen 81;
server_name api.modernamedia.no;
root /var/www/ModernaMedia/DotNet;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
站点可用/默认
server {
listen 81;
server_name api.modernamedia.no;
root /var/www/ModernaMedia/DotNet;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
modernamedia.service
[Unit]
Description=ModernaMedia Net5 service
[Service]
WorkingDirectory=/var/www/ModernaMedia/DotNet
ExecStart=/usr/bin/dotnet /var/www/ModernaMedia/DotNet/ModernaMediaDotNet.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=ModernaMedia-dotnet
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
[Install]
WantedBy=multi-user.target
我可以通过 curl 访问我的 .NET 服务器
答案1
您应该确保 Certbot 不会触碰您的 nginx 配置文件。它使用一种有问题且脆弱的方法来配置事物。
请改用以下方法:
# Redirect HTTP requests to HTTPS
server {
listen 80;
server_name modernamedia.no www.modernamedia.no;
# Allow serving of Letsencrypt HTTP auth challenges
location /.well-known {
try_files $uri $uri/ =404;
}
# Do redirect to https
location / {
return 301 https://modernamedia.no$request_uri;
}
}
# Redirect https://www.modernamedia.no to https://modernamedia.no
server {
listen 443 ssl http2;
server_name www.modernamedia.no;
ssl_certificate /path/to/ssl_cert;
ssl_certificate_key /path/to/ssl_key;
return 301 https://modernamedia.no$request_uri;
}
# https://modernamedia.no
server {
listen 443 ssl http2;
server_name modernamedia.no;
ssl_certificate /path/to/ssl_cert;
ssl_certificate_key /path/to/ssl_key;
# Actual web site configuration here
}