如何使用 nginx 和 SSL 在同一台服务器上为单个域使用多个端口

tag-icon tag-icon nginx ssl ssl-certificate lets-encrypt
如何使用 nginx 和 SSL 在同一台服务器上为单个域使用多个端口

我使用 GoDaddy 作为域名注册商,并<subdomain_name>在 Digital Ocean 上创建了一个链接到我服务器 IP 地址的域名。我还使用 Let's encrypt 获取 SSL 证书,并使用 nginx 作为反向代理。以下是我正在使用的 nginx conf. 文件:

server {
        listen 443 http2 ssl;
        server_name <subdomain_name>;

        #Logging
        access_log /var/log/nginx/<subdomain_name>.access.log;
        error_log /var/log/nginx/<subdomain_name>.error.log;


        location /.well-known/acme-challenge/ {
                root /var/www/html/test; # Temp for generating letsencrypt
                default_type text/plain;
        }

        location / {
                proxy_set_header Host $host:$server_port;
                proxy_set_header X-Real-IP $remote_addr;
                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                proxy_set_header X-Forwarded-Proto $scheme;

                #Fix the “It appears that your reverse proxy set up is broken” error.

                proxy_pass http://127.0.0.1:3001;
                proxy_read_timeout 90;
                proxy_redirect http://127.0.0.1:3001 http://<subdomain_name>/;

                #Required for new HTTP-based CLI

                proxy_http_version 1.1;
                proxy_request_buffering off;
        }

        # SSL configuration
        ssl_certificate /etc/letsencrypt/live/<subdomain_name>/fullchain.pem; # managed by Certbot
        ssl_certificate_key /etc/letsencrypt/live/<subdomain_name>/privkey.pem; # managed by Certbot
        include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
        ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

server {
        if ($host = <subdomain_name>) {
                return 301 https://$host$request_uri;
        } # managed by Certbot

        listen 80;
        server_name <subdomain_name>;
        return 404; # managed by Certbot
}

设置:

我正在运行多个应用程序,它们正在监听不同的端口,其中一些应用程序相互依赖。

例子:

http://<subdomain_name>:3001 -> being a nginx application angular frontend application
http://<subdomain_name>:3002 -> an API that provides http://<subdomain_name>:3001 with the necessary data
http://<subdomain_name>:3003 -> another service

问题:

当我运行不使用 SSL 的域时,仅使用普通的 http 类似,http://<subdomain_name>:3001, http://<subdomain_name>:3002, http://<subdomain_name>:3003它们工作正常。但是,当我尝试在 https 中运行它时,无法访问以下内容:

https://<subdomain_name>:3002, https://<subdomain_name>:3003

浏览器说:

This website cannot provide a secure connection <subdomain_name> has sent an invalid response.
ERR_SSL_PROTOCOL_ERROR

https://<subdomain_name>:3001起作用,因为它被重定向了,因为这是我在 nginx.conf 文件中指示的。但是我确实收到了一个控制台错误,上面写着

POST https://<subdomain_name>:3002/graphql net::ERR_SSL_PROTOCOL_ERROR

问题是,https://<subdomain_name>:3002 由于它不是一个安全的 SSL 连接,因此无法发出发布请求,从而引发一个错误,即无法提供数据。

预期结果:

我尝试了 nginx 配置,为不同的服务添加不同的服务器块,但无法使其正常工作。

我希望以下内容也适用于 https:

http://<subdomain_name>:3001    
http://<subdomain_name>:3002
http://<subdomain_name>:3003

此外,我希望通过消除此错误,服务https://<subdomain_name>:3002能够提供数据。https://<subdomain_name>:3001

POST https://<subdomain_name>:3002/graphql net::ERR_SSL_PROTOCOL_ERROR

相关内容