在我的 AWS Ubuntu 20.04 服务器上从 apache2 迁移到 nginx 后,我一直在尝试启动我的网站。我已将相关文件从 apache2 转换到我的 nginx 配置,但似乎无法通过页面获得安全的 https 访问。我的配置可以进行健全性检查吗?
我在 AWS 端分配了一个弹性 IP,并使用我们 Web 主机平台上的名称重新路由了该 IP A。我可以通过运行以下命令生成 SSL 证书:sudo certbot certonly --webroot --agree-tos -w /etc/letsencrypt/ --expand -d mywebsite.com,mywebsite.blah.com。
我也可以通过直接在搜索栏中输入弹性 IP 地址来直接加载网站,网页也会加载,但https 划掉并显示无效的证书信息。
/etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server_names_hash_bucket_size 128;
include /etc/nginx/sites-enabled/*;
include /etc/letsencrypt/options-ssl-nginx.conf;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
#include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
disable_symlinks off;
}
/etc/apache2/sites-available/website.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite.com
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://amazon-ec2-instance.com:8080/
ProxyPassReverse / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website.conf
server {
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server {
listen 80;
listen [::]:80;
server_name mywebsite.com mywebsite.blah.com;
root /var/www/html;
index index.html;
#passenger_enabled on;
location / {
rewrite ^(.*)$ https://$http_host:8080$request_uri redirect;
try_files $uri $uri/ =404;
}
location !/\.ht {
deny all;
}
location ~ \.php$ {
# include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
}
/etc/apache2/sites-available/website-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://amazon-ec2-instance.com:8080/
ProxyPassReverse / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website-ssl.conf
server {
include /etc/letsencrypt/options-ssl-nginx.conf;
listen 443 ssl;
server_name mywebsite.com;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
root /var/www/html ;
location / {
proxy_pass http://mywebsite.com:8080/ ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cookie_domain http://mywebsite.com:8080/ $host;
proxy_cookie_path / /;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ws {
proxy_pass http://mywebsite.com:8080/ ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
}
/etc/apache2/sites-available/website-ssl2.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite.com
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPassReverseCookieDomain / http://localhost:8080/
ProxyPassReverseCookiePath / http://localhost:8080/
ProxyPass /api/ws wss://localhost:8080/
ProxyPassReverse /api/ws wss://localhost:8080/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website-ssl2.conf
server {
include /etc/letsencrypt/options-ssl-nginx.conf;
listen 443 ssl;
server_name mywebsite.com;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cookie_domain http://localhost:8080/ $host;
proxy_cookie_path / /;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Other directives specific to your configuration
# ...
}
答案1
user nginx;将文件“/etc/nginx/nginx.conf”的第一行更改为user www-data;
然后重启 nginx 服务器
systemctl restart nginx