Nginx

Nginx反向代理到https不起作用

  • July 30, 2019

我正在嘗試使用 nginx 作為我的子域 subdomain.domain.com 的反向代理,通過 https 執行多個 python/gunicorn api。下面是啟用站點的我的伺服器塊文件 subdomain.domain.com。

server {
   listen 80 default_server;
   listen [::]:80 default_server;
   server_name subdomain.domain.com;

   location /api/ {
          proxy_set_header HOST $host;
          proxy_set_header X-Forwarded-Proto $scheme;
          proxy_set_header X-Real-IP $remote_addr;
          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
          proxy_pass http://localhost:6000;
   }

   location / {
           proxy_set_header HOST $host;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_pass http://localhost:8000/;
   }


   }

server {

listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
server_name subdomain.domain.com;
ssl_certificate /etc/letsencrypt/live/subdomain.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/subdomain.domain.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
add_header Strict-Transport-Security “max-age=31536000”;

location / {
           proxy_set_header HOST $host;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_pass http://localhost:8000/;
   }

location /api/ {
          proxy_set_header HOST $host;
           proxy_set_header X-Forwarded-Proto $scheme;
           proxy_set_header X-Real-IP $remote_addr;
           proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
           proxy_set_header Host      $host;

          proxy_pass http://localhost:6000;
   }

}

兩個端點都在 http 上工作,但不是 https。我的伺服器上的埠 443 已打開。

curl -i https://subdomain.domain.com超時。所以我懷疑這是certbot的問題。

先感謝您。

Steffen 是正確的,埠 443 在 IPTABLES 中打開,但在預設的 hetzner 防火牆上沒有打開。非常感謝你

引用自:https://serverfault.com/questions/977027