帶有 SSL 的 Nginx 反向代理 - 403 錯誤

在過去的幾天裡，我一直在嘗試安裝 Nginx 作為反向代理，但我無法讓它工作。每次我在我的網站上傳入一個頁面，甚至在我的伺服器上傳入一個文件時，它都會返回一個 403 禁止錯誤。

我一直在關注我在DigitalOcean上找到的教程，我已經完成了該教程。（在文章的最後，有一張phpinfo頁面的圖片說它載入了Apache Handler。我的phpinfo頁面也說了同樣的話。

但是無論我做什麼，我都無法讓 403 錯誤消失。

伺服器規格：

作業系統：Unbutu

記憶體：512 MB

Nginx 配置文件

   server {

   ### server port and name ###
   listen          *:443;
   ssl             on;
   server_name     --Server Name--;


   #include global/common.conf;
   #include global/wordpress.conf;
   #include global/multisite.conf;


   ### SSL log files ###
   access_log      --Log Location--;
   error_log       --Log Location--;

   ### SSL cert files ###
   ssl_certificate      --Certificate File--;
   ssl_certificate_key  --Certificate Key File--;

   root /var/www/; 
   allow 127.0.0.1;
   deny all;
   index index.php index.html index.htm;

   server_name --Server Name--; 

   location / {
   try_files $uri $uri/ /index.php;
   }

   location ~ \.php$ {
   try_files $uri =404;
   fastcgi_split_path_info ^(.+\.php)(/.+)$;
   fastcgi_pass unix:/var/run/php5-fpm.sock;
   fastcgi_index index.php;
   include fastcgi_params;
   fastcgi_pass 127.0.0.1:9000;

   proxy_set_header X-Real-IP  $remote_addr;
   proxy_set_header X-Forwarded-For $remote_addr;
   proxy_set_header Host $host;
   proxy_pass http://127.0.0.1:8080;

    }

    location ~ /\.ht {
               deny all;

   }
  }

Apache Ports.conf 文件

  # If you just change the port or add more ports here, you will likely       also
  # have to change the VirtualHost statement in
  # /etc/apache2/sites-enabled/000-default.conf


  #Listen 127.0.0.1:8080
  Listen *:8080
  #Listen 80

  <IfModule ssl_module>
   Listen 444
   #Didn't work on 443 with Nginx as a reverse proxy
  </IfModule>

  <IfModule mod_gnutls.c>
   Listen 444
   #Didn't work on 443 with Nginx as a reverse proxy
  </IfModule>

  # vim: syntax=apache ts=4 sw=4 sts=4 sr noet

阿帕奇配置文件

<VirtualHost *:8080>


DocumentRoot /var/www/

<Directory />
   Options FollowSymLinks
   AllowOverride All
</Directory>

<Directory /var/www/>
   Options Indexes FollowSymLinks MultiViews
   AllowOverride None
   Order allow,deny
   allow from all
</Directory>

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
<Directory "/usr/lib/cgi-bin">
   AllowOverride None
   Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
   Order allow,deny
   Allow from all
</Directory>

ErrorLog ${APACHE_LOG_DIR}/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog ${APACHE_LOG_DIR}/access.log combined

Alias /doc/ "/usr/share/doc/"
<Directory "/usr/share/doc/">
   Options Indexes MultiViews FollowSymLinks
   AllowOverride None
   Order deny,allow
   Deny from all
   Allow from 127.0.0.0/255.0.0.0 ::1/128
</Directory>

好的，一切看起來都很順利。基本上，我更改了我的 Nginx 伺服器塊以將 SSL 請求轉發到445Apache 執行 SSL 的埠。

Nginx 伺服器塊

   proxy_redirect          off;
   proxy_set_header X-Real-IP  $remote_addr;
   proxy_set_header Host $host;
   proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
   location / {
   proxy_pass https://127.0.0.1:445;

Apache 虛擬主機文件

   <VirtualHost *:445>

   (Apache Config options w/ SSL)

   </VirtualHost>

這篇文章讓我走上了正確的道路。 多站點 Nginx 反向代理路由到 Apache

引用自：https://serverfault.com/questions/681714