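I'm not getting any errors in either jupyter or nginx (/var/log/nginx/{access,error}.log, journalctl). Putting everything in the HTTP block works, but the HTTPS site never loads (I tried curl -Lvvv 'http://DOMAIN_NAME'; the redirect works, but then it times out).
Starting from the latest nginx from the official apt mirror http://nginx.org/packages/ubuntu, I manually configured LetsEncrypt, dhparams and nginx-options as follows: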
$ python3 -m venv venv
$ venv/bin/python -m pip install certbot
$ sudo systemctl stop nginx
$ venv/bin/certbot certonly --standalone --agree-tos \
    -d '[DOMAIN_NAME]' -m '[EMAIL]'
$ base_url='https://raw.githubusercontent.com/certbot/certbot/master/certbot'
$ curl --proto '=https' --tlsv1.2 -sSf \
    "$base_url"'/certbot/ssl-dhparams.pem' \
    -o '/etc/ssl/certs/ssl-dhparam.pem'
$ curl --proto '=https' --tlsv1.2 -sSf \
    "$base_url"'-nginx/certbot_nginx/_internal/tls_configs/options-ssl-nginx.conf' \
    -o '/etc/letsencrypt/options-ssl-nginx.conf'
$ # Add `nginx service conf` and `jupyter_notebook.service` from below
$ systemctl start nginx
/lib/systemd/system/jupyter_notebook.service
[Unit]
Description=Job that runs the jupyter_notebook daemon
[Service]
User=VIRTUALENV_USER
Group=VIRTUALENV_GROUP
Environment=VIRTUALENV=VIRTUALENV_BIN
Environment=PYTHONPATH=VIRTUALENV_BIN
WorkingDirectory=/MY/NOTEBOOKS/DIR
ExecStart=VIRTUALENV_BIN/jupyter notebook --no-browser \
    --NotebookApp.port=8000 \
    --NotebookApp.notebook_dir=/MY/NOTEBOOKS/DIR \
    --NotebookApp.local_hostnames DOMAIN_NAME \
    --NotebookApp.allow_origin DOMAIN_NAME \
    --NotebookApp.password_required=True \
    --NotebookApp.password argon2:$argon2id$v=19$m=1024<omitted>
[Install]
WantedBy=multi-user.target
/etc/nginx/sites-enabled/DOMAIN_NAME.conf
I then added
    include /etc/nginx/sites-enabled/*.conf;
to the http block of nginx.conf. The contents are as follows:
map $http_upgrade $connection_upgrade {
    default upgrade;
    '' close;
}
server {
    listen 80;
    server_name DOMAIN_NAME;
    return 302 https://$host$request_uri;
}
server {
    listen 443 ssl;
    server_name DOMAIN_NAME;
    ssl_certificate /etc/letsencrypt/live/DOMAIN_NAME/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/DOMAIN_NAME/privkey.pem;
    ssl_dhparam /etc/ssl/certs/ssl-dhparam.pem;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    location / {
        proxy_pass http://127.0.0.1:8000;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection $connection_upgrade;
        proxy_set_header X-Scheme $scheme;
        proxy_buffering off;
    }
    location ~ /.well-known {
        allow all;
    }
}
I also tried adding these blocks to the server block:
location ~ /api/kernels/ {
    proxy_pass http://localhost:8000;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade "websocket";
    proxy_set_header Connection "Upgrade";
    proxy_read_timeout 86400;
}
location ~ /terminals/ {
    proxy_pass http://localhost:8000;
    proxy_set_header Host $host;
    proxy_http_version 1.1;
    proxy_set_header Upgrade "websocket";
    proxy_set_header Connection "Upgrade";
    proxy_read_timeout 86400;
}
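PS: I have scripted this whole process, but I'm posting it here so that you can follow along without having to go through my automation.
What am I doing wrong?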