EHR*_*Tic 5 ssl nginx fedora reverse-proxy lets-encrypt
这个问题可能已经被问过好几次了,但是考虑到我能找到的所有结果和我所知甚少,我有点迷失了。我使用的是 Fedora 29。
我尝试用 nginx 做什么:
样本 :
application.domain.com --> https://hostname1.domain.local(或 IP 1)
test.domain.com --> https://hostname2.domain.local:1234(或 IP 2)
www.domain.com --> https://hostname3.domain.local(或IP 3)等...
我怎样才能做到这一点?让我们加密自动配置我的 nginx 配置,但这似乎有点太多了。
非常感谢您的回答,我觉得我得到了一些进步,即使暂时没有工作。我在这里发布了我的完整配置文件,因为我现在遇到了“502 Bad Gateway”错误。IP 与反向代理不在同一子网中,但完全可访问,没有防火墙或路由问题。
知道我可以在哪里继续前进吗?在原始配置中,还有一个包含密码和协议的 certbot conf 文件。也许我需要重新包含它?
另外:我尝试访问的内部服务器具有使用我自己的 AD CS 签名的证书,但反向代理上尚未安装根证书。也许我应该 ?
# For more information on configuration, see:
# * Official English Documentation: http://nginx.org/en/docs/
# * Official Russian Documentation: http://nginx.org/ru/docs/
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;
# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;
events {
worker_connections 1024;
}
http {
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 4096;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80;
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name scans.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem; # managed by Certbot
location / {
proxy_pass https://192.168.XX.YY/;
}
}
}
小智 5
为了让 NGINX 将多个域名解析为独立的代理,您需要为您正在使用的每个域设置一个服务器块(是的,您需要includeLE 提供的服务器块):
server {
listen 443 ssl;
server_name application.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
location / {
proxy_pass https://hostname1.domain.local:80/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 443 ssl;
server_name test.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
location / {
proxy_pass https://hostname3.domain.local:80/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
server {
listen 443 ssl;
server_name www.domain.com;
ssl on;
ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
location / {
proxy_pass https://hostname2.domain.local:1234/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
| 归档时间: |
|
| 查看次数: |
20888 次 |
| 最近记录: |