
AWS Ubuntu 20.04 서버에서 apache2에서 nginx로 이동한 후 웹사이트를 작동시키려고 노력해 왔습니다. apache2의 관련 파일을 nginx 구성으로 변환했지만 페이지를 통해 안전한 https 액세스를 얻을 수 없는 것 같습니다. 내 구성이 온전한지 확인할 수 있나요?
AWS 측에 탄력적 IP를 할당하고 이를 웹 호스트 플랫폼의 A 레코드로 연결했습니다. 다음 명령을 실행하여 SSL 인증서를 생성할 수 있었습니다:
sudo certbot certonly --webroot --agree-tos -w /etc/letsencrypt/ --expand -d mywebsite.com,mywebsite.blah.com
검색창에 탄력적 IP 주소를 직접 입력하면 웹사이트가 로드되기는 하지만, 주소 표시줄의 https에 줄이 그어져 있고 유효하지 않은 인증서 메시지가 표시됩니다.
/etc/nginx/nginx.conf
# Main nginx configuration: worker settings plus the http context that pulls in the site files.
# NOTE(review): the account named here must exist on the host; Ubuntu's own packages use www-data — confirm.
user nginx;
worker_processes auto;
# NOTE(review): "debug" is the most verbose error_log level and can record request details;
# lower it once troubleshooting is finished.
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server_names_hash_bucket_size 128;
# NOTE(review): sites-enabled is included here with "*" and again further down with "*.conf",
# so every *.conf site file is read twice.
include /etc/nginx/sites-enabled/*;
# TLS options are pulled in for the whole http context; the HTTPS site files include this same file again.
include /etc/letsencrypt/options-ssl-nginx.conf;
include /etc/nginx/mime.types;
default_type application/octet-stream;
# Access-log line format, including the client-supplied Referer, User-Agent and X-Forwarded-For headers.
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
#include /etc/nginx/conf.d/*.conf;
# Second include of the site files (see the note on the first include above).
include /etc/nginx/sites-enabled/*.conf;
# Symlinks in served paths are followed without ownership checks ("off" is also nginx's default).
disable_symlinks off;
}
/etc/apache2/sites-available/website.conf
# HTTPS virtual host from the previous Apache setup: terminates TLS with the
# Let's Encrypt certificate and reverse-proxies requests to port 8080.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite.com
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
# Enables TLS on proxied (backend) connections; relevant to the wss:// target below.
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Requests carrying "Upgrade: websocket" are proxied ([P]) to the ws:// backend.
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
# The client's Host header is passed through to the backend.
ProxyPreserveHost On
# Forward proxying stays disabled; only the reverse-proxy mappings below apply.
ProxyRequests Off
ProxyPass / http://amazon-ec2-instance.com:8080/
ProxyPassReverse / http://amazon-ec2-instance.com:8080/
# NOTE(review): these two directives take a backend domain/path and its public replacement,
# not "/" followed by a URL — verify the arguments.
ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
# NOTE(review): ProxyPass rules are checked in configuration order, so this narrower /api/ws
# mapping placed after "/" is likely never reached; it also targets wss:// on the same port
# that the mappings above reach over plain http.
ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# NOTE(review): this block applies to the filesystem root; AllowOverride All there lets any
# .htaccess file override settings. Consider scoping it to the document root.
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website.conf
# Port-80 site file converted from Apache.
# NOTE(review): this first server block has no listen/server_name and is not closed before the
# next "server {" begins; as shown nginx would likely reject the file — check the file on disk.
server {
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server {
listen 80;
listen [::]:80;
server_name mywebsite.com mywebsite.blah.com;
root /var/www/html;
index index.html;
#passenger_enabled on;
location / {
# NOTE(review): every request is redirected to https on port 8080, built from $http_host,
# the raw client-supplied Host header; try_files below is not reached after the redirect.
# The TLS listeners on this page use 443 and 8080 is proxied over plain http — verify the
# intended target and prefer a fixed server name in the redirect.
rewrite ^(.*)$ https://$http_host:8080$request_uri redirect;
try_files $uri $uri/ =404;
}
# NOTE(review): "!" is not a location modifier, so this appears to be treated as a literal
# prefix that no request path matches; hiding .ht* files needs the regex form "location ~ /\.ht".
location !/\.ht {
deny all;
}
location ~ \.php$ {
# NOTE(review): with the include below commented out, no fastcgi_param lines
# (e.g. SCRIPT_FILENAME) are visible for this location — PHP-FPM usually needs them.
# include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
}
/etc/apache2/sites-available/website-ssl.conf
# Second HTTPS virtual host from the Apache setup; same proxy layout to port 8080,
# with the certificate directives placed at the end of the block.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
# NOTE(review): ServerName is the bare label "mywebsite"; the full names appear only as aliases.
ServerName mywebsite
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
# Enables TLS on proxied (backend) connections; relevant to the wss:// target below.
SSLProxyEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
# Requests carrying "Upgrade: websocket" are proxied ([P]) to the ws:// backend.
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
# The client's Host header is passed through to the backend.
ProxyPreserveHost On
# Forward proxying stays disabled; only the reverse-proxy mappings below apply.
ProxyRequests Off
ProxyPass / http://amazon-ec2-instance.com:8080/
ProxyPassReverse / http://amazon-ec2-instance.com:8080/
# NOTE(review): these two directives take a backend domain/path and its public replacement,
# not "/" followed by a URL — verify the arguments.
ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
# NOTE(review): ProxyPass rules are checked in configuration order, so this /api/ws mapping
# placed after "/" is likely never reached.
ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# NOTE(review): this block applies to the filesystem root; AllowOverride All there lets any
# .htaccess file override settings. Consider scoping it to the document root.
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
# NOTE(review): these paths use live/mywebsite/ while the other files on this page use
# live/mywebsite.com/ — confirm that this certificate directory exists.
SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website-ssl.conf
# HTTPS server block: terminates TLS for mywebsite.com and proxies to port 8080.
# NOTE(review): server_name lists only mywebsite.com, while the port-80 block and the
# certificate request also name mywebsite.blah.com; website-ssl2.conf declares the same
# name on 443 as well, so only one of the two blocks will serve it.
server {
include /etc/letsencrypt/options-ssl-nginx.conf;
listen 443 ssl;
server_name mywebsite.com;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
root /var/www/html ;
location / {
# NOTE(review): the upstream is the site's own public name over plain http on 8080, which
# depends on DNS and may route through the public address; a loopback upstream would avoid
# exposing 8080 — confirm where the backend listens.
proxy_pass http://mywebsite.com:8080/ ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
# NOTE(review): proxy_cookie_domain expects a bare domain to rewrite, not a URL.
proxy_cookie_domain http://mywebsite.com:8080/ $host;
proxy_cookie_path / /;
# WebSocket upgrade headers. NOTE(review): nginx's documented WebSocket setup also sets
# "proxy_http_version 1.1;", which is absent from this location.
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ws {
# NOTE(review): the trailing "/" on proxy_pass replaces the matched /api/ws prefix, and
# this location sets no Upgrade/Connection headers for the WebSocket endpoint.
proxy_pass http://mywebsite.com:8080/ ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
}
/etc/apache2/sites-available/website-ssl2.conf
# Third HTTPS virtual host from the Apache setup; same layout as the others on this page,
# but proxying to the backend on localhost:8080.
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite.com
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
# Enables TLS on proxied (backend) connections; relevant to the wss:// target below.
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
# Requests carrying "Upgrade: websocket" are proxied ([P]) to the ws:// backend.
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
# The client's Host header is passed through to the backend.
ProxyPreserveHost On
# Forward proxying stays disabled; only the reverse-proxy mappings below apply.
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
# NOTE(review): these two directives take a backend domain/path and its public replacement,
# not "/" followed by a URL — verify the arguments.
ProxyPassReverseCookieDomain / http://localhost:8080/
ProxyPassReverseCookiePath / http://localhost:8080/
# NOTE(review): ProxyPass rules are checked in configuration order, so this /api/ws mapping
# placed after "/" is likely never reached; it also targets wss:// on the port that the
# mappings above reach over plain http.
ProxyPass /api/ws wss://localhost:8080/
ProxyPassReverse /api/ws wss://localhost:8080/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# NOTE(review): this block applies to the filesystem root; AllowOverride All there lets any
# .htaccess file override settings. Consider scoping it to the document root.
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website-ssl2.conf
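# HTTPS server block: terminates TLS with the Let's Encrypt certificate and
# reverse-proxies every request to the application listening on localhost:8080.
server {
    include /etc/letsencrypt/options-ssl-nginx.conf;
    listen 443 ssl;
    server_name mywebsite.com;
    ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;

    location / {
        proxy_pass http://localhost:8080/;

        # WebSocket upgrades need HTTP/1.1 towards the backend; without this
        # the Upgrade/Connection headers below have no effect.
        proxy_http_version 1.1;

        # Tell the backend which host, client address and scheme the
        # original request used.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        # proxy_cookie_domain takes a bare domain, not a URL: rewrite cookies
        # the backend scopes to "localhost" so they apply to the public host.
        proxy_cookie_domain localhost $host;
        proxy_cookie_path / /;

        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
    # Other directives specific to your configuration
    # ...
}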
답변1
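'/etc/nginx/nginx.conf' 파일의 첫 번째 줄 user nginx; 를 user www-data; 로 변경합니다. Ubuntu 패키지에서는 웹 서버와 PHP-FPM 소켓이 기본적으로 www-data 계정을 사용하므로, nginx 계정이 없거나 권한이 맞지 않으면 nginx가 시작되지 않거나 소켓에 접근하지 못할 수 있습니다.
그런 다음 구성 문법을 확인하고 nginx 서버를 다시 시작하십시오.
sudo nginx -t
systemctl restart nginx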