
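I am trying to bring up a website after migrating from apache2 to nginx on an AWS Ubuntu 20.04 server. I have transferred the relevant apache2 files to nginx configurations, but I cannot seem to get secure https access through the page. Would a sanity check of the configuration be possible?

On the AWS side I allocated an Elastic IP and rerouted it with the name on the web host platform.

I was able to generate the SSL certificates by running:

    sudo certbot certonly --webroot --agree-tos -w /etc/letsencrypt/ --expand -d mywebsite.com,mywebsite.blah.com

I can also load the web page directly by typing the Elastic IP address into the search bar, but https is struck through and a message says the certificate is invalid.

The nginx.conf is: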

    user nginx;
    worker_processes auto;
    error_log /var/log/nginx/error.log debug;
    pid /var/run/nginx.pid;

    events {
        worker_connections 1024;
    }

    http {
        server_names_hash_bucket_size 128;
        include /etc/nginx/sites-enabled/*;
        include /etc/letsencrypt/options-ssl-nginx.conf;
        include /etc/nginx/mime.types;
        default_type application/octet-stream;
        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                        '$status $body_bytes_sent "$http_referer" '
                        '"$http_user_agent" "$http_x_forwarded_for"';
        access_log /var/log/nginx/access.log main;
        sendfile on;
        #tcp_nopush on;
        keepalive_timeout 65;
        #gzip on;
        #include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*.conf;
        disable_symlinks off;
    }

/etc/apache2/sites-available/website.conf

    <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html
            ServerName mywebsite.com
            ServerAlias mywebsite.com mywebsite.blah.com
            SSLEngine on
            SSLProxyEngine on
            SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf
            RewriteEngine On
            RewriteCond %{HTTP:Upgrade} =websocket [NC]
            RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
            ProxyPreserveHost On
            ProxyRequests Off
            ProxyPass / http://amazon-ec2-instance.com:8080/
            ProxyPassReverse / http://amazon-ec2-instance.com:8080/
            ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
            ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
            ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
            ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            <Directory />
                Options FollowSymLinks
                AllowOverride All
            </Directory>
        </VirtualHost>
    </IfModule>

/etc/nginx/sites-available/website.conf

    server {
        if ($host = mywebsite.com) {
            return 301 https://$host$request_uri;
        } # managed by Certbot
    server {
        listen 80;
        listen [::]:80;
        server_name mywebsite.com mywebsite.blah.com;
        root /var/www/html;
        index index.html;
        #passenger_enabled on;
        location / {
            rewrite ^(.*)$ https://$http_host:8080$request_uri redirect;
            try_files $uri $uri/ =404;
        }
        location !/\.ht {
            deny all;
        }
        location ~ \.php$ {
            # include snippets/fastcgi-php.conf;
            fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
    }

/etc/apache2/sites-available/website-ssl.conf

    <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html
            ServerName mywebsite
            ServerAlias mywebsite.com mywebsite.blah.com
            SSLEngine on
            SSLProxyEngine on
            Include /etc/letsencrypt/options-ssl-apache.conf
            RewriteEngine On
            RewriteCond %{HTTP:Upgrade} =websocket [NC]
            RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
            ProxyPreserveHost On
            ProxyRequests Off
            ProxyPass / http://amazon-ec2-instance.com:8080/
            ProxyPassReverse / http://amazon-ec2-instance.com:8080/
            ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
            ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
            ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
            ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            <Directory />
                Options FollowSymLinks
                AllowOverride All
            </Directory>
            SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
        </VirtualHost>
    </IfModule>

sites-available

    server {
        include /etc/letsencrypt/options-ssl-nginx.conf;
        listen 443 ssl;
        server_name mywebsite.com;
        ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
        root /var/www/html ;
        location / {
            proxy_pass http://mywebsite.com:8080/ ;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_cookie_domain http://mywebsite.com:8080/ $host;
            proxy_cookie_path / /;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        location /api/ws {
            proxy_pass http://mywebsite.com:8080/ ;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        }
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
    }

/etc/apache2/sites-available/website-ssl2.conf

    <IfModule mod_ssl.c>
        <VirtualHost *:443>
            ServerAdmin webmaster@localhost
            DocumentRoot /var/www/html
            ServerName mywebsite.com
            ServerAlias mywebsite.com mywebsite.blah.com
            SSLEngine on
            SSLProxyEngine on
            SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
            SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
            Include /etc/letsencrypt/options-ssl-apache.conf
            RewriteEngine On
            RewriteCond %{HTTP:Upgrade} =websocket [NC]
            RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
            ProxyPreserveHost On
            ProxyRequests Off
            ProxyPass / http://localhost:8080/
            ProxyPassReverse / http://localhost:8080/
            ProxyPassReverseCookieDomain / http://localhost:8080/
            ProxyPassReverseCookiePath / http://localhost:8080/
            ProxyPass /api/ws wss://localhost:8080/
            ProxyPassReverse /api/ws wss://localhost:8080/
            # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
            # error, crit, alert, emerg.
            # It is also possible to configure the loglevel for particular
            # modules, e.g.
            #LogLevel info ssl:warn
            ErrorLog ${APACHE_LOG_DIR}/error.log
            CustomLog ${APACHE_LOG_DIR}/access.log combined
            <Directory />
                Options FollowSymLinks
                AllowOverride All
            </Directory>
        </VirtualHost>
    </IfModule>

/etc/nginx/sites-available/website-ssl2.conf

    server {
        include /etc/letsencrypt/options-ssl-nginx.conf;
        listen 443 ssl;
        server_name mywebsite.com;
        ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
        ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
        location / {
            proxy_pass http://localhost:8080/;
            proxy_set_header Host $host;
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-Proto $scheme;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_cookie_domain http://localhost:8080/ $host;
            proxy_cookie_path / /;
            proxy_set_header Upgrade $http_upgrade;
            proxy_set_header Connection "upgrade";
        }
        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;
        # Other directives specific to your configuration
        # ...
    }

Answer 1

    user nginx;

Change the first line of the file "/etc/nginx/nginx.conf" to the following:

    user www-data;

Then restart the nginx server:

    systemctl restart nginx
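
An added example, not part of the original answer: a preflight check that the account named by the `user` directive in nginx.conf actually exists, since nginx refuses to start when it cannot resolve that account. The function names, the temporary sample nginx.conf and the sample passwd file are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the account named by nginx's `user` directive exists.

# Print the account name from the first `user` directive in a config file.
nginx_user_of() {
    # Drop comments, then match "user <name> [group];"
    sed -e 's/#.*$//' "$1" |
        awk '$1 == "user" { sub(/;.*$/, "", $2); print $2; exit }'
}

# Return 0 if that account is listed in the passwd-format file,
# 1 if it is missing, 2 if the config has no `user` directive.
check_nginx_user() {
    conf=$1
    passwd=${2:-/etc/passwd}
    u=$(nginx_user_of "$conf")
    [ -n "$u" ] || return 2
    awk -F: -v u="$u" '$1 == u { found = 1 } END { exit !found }' "$passwd"
}

# Constructed sample input: the question's first line of nginx.conf and a
# passwd file that, like a stock Ubuntu host, has www-data but no nginx account.
demo_dir=$(mktemp -d)
printf 'user nginx;\nworker_processes auto;\n' > "$demo_dir/nginx.conf"
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin' > "$demo_dir/passwd"

if check_nginx_user "$demo_dir/nginx.conf" "$demo_dir/passwd"; then
    echo "ok: account exists"
else
    echo "missing: account '$(nginx_user_of "$demo_dir/nginx.conf")' not found"
fi
```

On a live host, call `check_nginx_user /etc/nginx/nginx.conf` to check against /etc/passwd, then run `nginx -t` before restarting.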