从 Apache2 迁移到 NGINX 配置

从 Apache2 迁移到 NGINX 配置

在我的 AWS Ubuntu 20.04 服务器上从 apache2 迁移到 nginx 后,我一直在尝试启动我的网站。我已将相关文件从 apache2 转换到我的 nginx 配置,但似乎无法通过页面获得安全的 https 访问。我的配置可以进行健全性检查吗?

我在 AWS 端分配了一个弹性 IP,并使用我们 Web 主机平台上的名称重新路由了该 IP A。我可以通过运行以下命令生成 SSL 证书:sudo certbot certonly --webroot --agree-tos -w /etc/letsencrypt/ --expand -d mywebsite.com,mywebsite.blah.com

我也可以通过直接在搜索栏中输入弹性 IP 地址来直接加载网站,网页也会加载,但https 划掉并显示无效的证书信息。

/etc/nginx/nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log debug;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    server_names_hash_bucket_size       128;
    include /etc/nginx/sites-enabled/*;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    #include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;


    disable_symlinks off;
}

/etc/apache2/sites-available/website.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite.com
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

    RewriteEngine On

    RewriteCond %{HTTP:Upgrade} =websocket               [NC]
    RewriteRule /(.*)           ws://amazon-ec2-instance.com:8080/$1  [P,L]

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://amazon-ec2-instance.com:8080/
        ProxyPassReverse / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/

        ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
        ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website.conf

server {
    if ($host = mywebsite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

server {
       listen 80;
        listen [::]:80;

       server_name mywebsite.com mywebsite.blah.com;

       root /var/www/html;
       index index.html;

       #passenger_enabled on;

       location / {
                rewrite ^(.*)$ https://$http_host:8080$request_uri redirect;
                try_files $uri $uri/ =404;
        }

        location !/\.ht {
                deny all;
        }

        location ~ \.php$ {
                # include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
}

/etc/apache2/sites-available/website-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf
        RewriteEngine On


        RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]

    ProxyPreserveHost On
    ProxyRequests Off
        ProxyPass / http://amazon-ec2-instance.com:8080/
        ProxyPassReverse / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/

        ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
        ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

        SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website-ssl.conf

server {
    include                     /etc/letsencrypt/options-ssl-nginx.conf;
    listen                      443 ssl;
    server_name                 mywebsite.com;
    ssl_certificate             /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/mywebsite.com/privkey.pem;

    root                        /var/www/html ;

    location / {
        proxy_pass                      http://mywebsite.com:8080/ ;
        proxy_set_header Host           $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cookie_domain http://mywebsite.com:8080/ $host;
        proxy_cookie_path / /;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/ws {
        proxy_pass http://mywebsite.com:8080/ ;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
}

/etc/apache2/sites-available/website-ssl2.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite.com
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

    RewriteEngine On

    RewriteCond %{HTTP:Upgrade} =websocket               [NC]
    RewriteRule /(.*)           ws://localhost:8080/$1  [P,L]

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        ProxyPassReverseCookieDomain / http://localhost:8080/
        ProxyPassReverseCookiePath / http://localhost:8080/

        ProxyPass /api/ws wss://localhost:8080/
        ProxyPassReverse /api/ws wss://localhost:8080/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website-ssl2.conf

server {
    include                     /etc/letsencrypt/options-ssl-nginx.conf;
    listen                      443 ssl;
    server_name                 mywebsite.com;

    ssl_certificate             /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/mywebsite.com/privkey.pem;

    location / {
        proxy_pass                      http://localhost:8080/;
        proxy_set_header Host           $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cookie_domain http://localhost:8080/ $host;
        proxy_cookie_path / /;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }


    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Other directives specific to your configuration
    # ...
}

答案1

user nginx;将文件“/etc/nginx/nginx.conf”的第一行更改为user www-data;

然后重启 nginx 服务器

systemctl restart nginx

相关内容