Nginx

Nginx 伺服器阻止不重定向

  • March 6, 2022

我正在https://modernamedia.no/上做一個項目, 我正在嘗試做很多事情

最後一個正在工作。但是,前兩個不起作用。您可以訪問https://www.modernamedia.no/ 自行測試

我也在努力通過 API 呼叫到達我的本地主機,但這可能是與程式碼相關的問題。

https://stackoverflow.com/questions/71374284/angular-api-request-to-net-5-api-neterr-connection-refuse

conf.d

server {
   if ($host = www.modernamedia.no) {
       return 301 https://modernamedia.no$request_uri;
   } # managed by Certbot

   if ($host = modernamedia.no) {
       return 301 https://$host$request_uri;
   } # managed by Certbot

   # Redirect to the correct place, if needed
   set $https_redirect 0;
   if ($server_port = 80) { set $https_redirect 1; }
   if ($host ~ '^www\.') { set $https_redirect 1; }
   if ($https_redirect = 1) {
       return 301 https://modernamedia.no$request_uri;
   }

   listen 80;
   server_name modernamedia.no;
   return 404; # managed by Certbot
}


server {
   listen [::]:443 ssl http2 ipv6only=on;
   listen 443 ssl http2; # managed by Certbot
   server_name modernamedia.no;
   location / {
       proxy_pass http://localhost:4000;
       proxy_http_version 1.1;
       proxy_set_header Upgrade $http_upgrade;
       proxy_set_header Connection 'upgrade';
       proxy_set_header Host $host;
       proxy_cache_bypass $http_upgrade;
   }
   ssl_certificate /etc/letsencrypt/live/modernamedia.no/fullchain.pem; # managed by Certbot
   ssl_certificate_key /etc/letsencrypt/live/modernamedia.no/privkey.pem; # managed by Certbot
   include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
   # ssl_ciphers EECDH+CHACHA20:EECDH+AES128:RSA+AES128:EECDH+AES256:RSA+AES256:EECDH+3DES:RSA+3DES:!MD5;
   ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}


server {
   listen   80;
   server_name  www.modernamedia.no;

   return 301 https://modernamedia.no$request_uri;
}

server {
   listen        81;
   server_name   api.modernamedia.no;
   root /var/www/ModernaMedia/DotNet;
   location / {
       proxy_pass         http://localhost:5000;
       proxy_http_version 1.1;
       proxy_set_header   Upgrade $http_upgrade;
       proxy_set_header   Connection keep-alive;
       proxy_set_header   Host $host;
       proxy_cache_bypass $http_upgrade;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header   X-Forwarded-Proto $scheme;
   }
}

網站可用/預設

server {
   listen        81;
   server_name   api.modernamedia.no;
   root /var/www/ModernaMedia/DotNet;
   location / {
       proxy_pass         http://localhost:5000;
       proxy_http_version 1.1;
       proxy_set_header   Upgrade $http_upgrade;
       proxy_set_header   Connection keep-alive;
       proxy_set_header   Host $host;
       proxy_cache_bypass $http_upgrade;
       proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
       proxy_set_header   X-Forwarded-Proto $scheme;
   }
}

現代媒體服務

[Unit]
Description=ModernaMedia Net5 service
[Service]
WorkingDirectory=/var/www/ModernaMedia/DotNet
ExecStart=/usr/bin/dotnet /var/www/ModernaMedia/DotNet/ModernaMediaDotNet.dll
Restart=always
# Restart service after 10 seconds if the dotnet service crashes:
RestartSec=10
KillSignal=SIGINT
SyslogIdentifier=ModernaMedia-dotnet
User=www-data
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
[Install]
WantedBy=multi-user.target

我可以通過 curl 訪問我的 .NET 伺服器

您應該確保 Certbot 不會觸及您的 nginx 配置文件。它使用有問題且脆弱的方法來配置事物。

請改用以下方法:

# Redirect HTTP requests to HTTPS
server {
   listen 80;
   server_name modernamedia.no www.modernamedia.no;

   # Allow serving of Letsencrypt HTTP auth challenges

   location /.well-known {
       try_files $uri $uri/ =404;
   }

   # Do redirect to https
   location / {
       return 301 https://modernamedia.no$request_uri;
   }
}

# Redirect https://www.modernamedia.no to https://modernamedia.no
server {
   listen 443 ssl http2;
   server_name www.modernamedia.no;

   ssl_certificate /path/to/ssl_cert;
   ssl_certificate_key /path/to/ssl_key;

   return 301 https://modernamedia.no$request_uri;
}

# https://modernamedia.no
server {
   listen 443 ssl http2;
   server_name modernamedia.no;

   ssl_certificate /path/to/ssl_cert;
   ssl_certificate_key /path/to/ssl_key;

   # Actual web site configuration here
}

引用自:https://serverfault.com/questions/1095488