Nginx
Nginx 伺服器阻止不重定向
我正在https://modernamedia.no/上做一個項目, 我正在嘗試做很多事情
- 將所有呼叫www.modernamedia.no重定向到https://modernamedia.no/
- proxypass localhost:5000 到 api.modernamedia.no
- 將所有 http 呼叫重定向到 https。
最後一個正在工作。但是,前兩個不起作用。您可以訪問https://www.modernamedia.no/ 自行測試
我也在努力通過 API 呼叫到達我的本地主機,但這可能是與程式碼相關的問題。
conf.d
server { if ($host = www.modernamedia.no) { return 301 https://modernamedia.no$request_uri; } # managed by Certbot if ($host = modernamedia.no) { return 301 https://$host$request_uri; } # managed by Certbot # Redirect to the correct place, if needed set $https_redirect 0; if ($server_port = 80) { set $https_redirect 1; } if ($host ~ '^www\.') { set $https_redirect 1; } if ($https_redirect = 1) { return 301 https://modernamedia.no$request_uri; } listen 80; server_name modernamedia.no; return 404; # managed by Certbot } server { listen [::]:443 ssl http2 ipv6only=on; listen 443 ssl http2; # managed by Certbot server_name modernamedia.no; location / { proxy_pass http://localhost:4000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection 'upgrade'; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; } ssl_certificate /etc/letsencrypt/live/modernamedia.no/fullchain.pem; # managed by Certbot ssl_certificate_key /etc/letsencrypt/live/modernamedia.no/privkey.pem; # managed by Certbot include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5; ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot } server { listen 80; server_name www.modernamedia.no; return 301 https://modernamedia.no$request_uri; } server { listen 81; server_name api.modernamedia.no; root /var/www/ModernaMedia/DotNet; location / { proxy_pass http://localhost:5000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
網站可用/預設
server { listen 81; server_name api.modernamedia.no; root /var/www/ModernaMedia/DotNet; location / { proxy_pass http://localhost:5000; proxy_http_version 1.1; proxy_set_header Upgrade $http_upgrade; proxy_set_header Connection keep-alive; proxy_set_header Host $host; proxy_cache_bypass $http_upgrade; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; proxy_set_header X-Forwarded-Proto $scheme; } }
現代媒體服務
[Unit] Description=ModernaMedia Net5 service [Service] WorkingDirectory=/var/www/ModernaMedia/DotNet ExecStart=/usr/bin/dotnet /var/www/ModernaMedia/DotNet/ModernaMediaDotNet.dll Restart=always # Restart service after 10 seconds if the dotnet service crashes: RestartSec=10 KillSignal=SIGINT SyslogIdentifier=ModernaMedia-dotnet User=www-data Environment=ASPNETCORE_ENVIRONMENT=Production Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false [Install] WantedBy=multi-user.target
我可以通過 curl 訪問我的 .NET 伺服器
您應該確保 Certbot 不會觸及您的 nginx 配置文件。它使用有問題且脆弱的方法來配置事物。
請改用以下方法:
# Redirect HTTP requests to HTTPS server { listen 80; server_name modernamedia.no www.modernamedia.no; # Allow serving of Letsencrypt HTTP auth challenges location /.well-known { try_files $uri $uri/ =404; } # Do redirect to https location / { return 301 https://modernamedia.no$request_uri; } } # Redirect https://www.modernamedia.no to https://modernamedia.no server { listen 443 ssl http2; server_name www.modernamedia.no; ssl_certificate /path/to/ssl_cert; ssl_certificate_key /path/to/ssl_key; return 301 https://modernamedia.no$request_uri; } # https://modernamedia.no server { listen 443 ssl http2; server_name modernamedia.no; ssl_certificate /path/to/ssl_cert; ssl_certificate_key /path/to/ssl_key; # Actual web site configuration here }