Migrando da configuração Apache2 para NGINX

Migrando da configuração Apache2 para NGINX

Tenho tentado colocar meu site no ar depois de mudar do Apache2 para o nginx em meu servidor AWS Ubuntu 20.04. Traduzi os arquivos relevantes do Apache2 para minha configuração do nginx, mas não consigo obter acesso https seguro por meio da página. Minhas configurações podem ser verificadas?

Aloquei um IP elástico no lado da AWS e o redirecionei com um Anome em nossa plataforma de host da web. Consegui gerar os certificados SSL executando: sudo certbot certonly --webroot --agree-tos -w /etc/letsencrypt/ --expand -d mywebsite.com,mywebsite.blah.com.

Também posso carregar o site diretamente inserindo o endereço IP elástico diretamente na minha barra de pesquisa e a página da web carrega, mas comhttps riscado e uma mensagem de certificado inválido.

/etc/nginx/nginx.conf

user  nginx;
worker_processes  auto;

error_log  /var/log/nginx/error.log debug;
pid        /var/run/nginx.pid;


events {
    worker_connections  1024;
}


http {
    server_names_hash_bucket_size       128;
    include /etc/nginx/sites-enabled/*;
    include /etc/letsencrypt/options-ssl-nginx.conf;
    include       /etc/nginx/mime.types;

    default_type  application/octet-stream;

    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    keepalive_timeout  65;

    #gzip  on;

    #include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*.conf;


    disable_symlinks off;
}

/etc/apache2/sites-available/website.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite.com
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

    RewriteEngine On

    RewriteCond %{HTTP:Upgrade} =websocket               [NC]
    RewriteRule /(.*)           ws://amazon-ec2-instance.com:8080/$1  [P,L]

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://amazon-ec2-instance.com:8080/
        ProxyPassReverse / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/

        ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
        ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website.conf

server {
    if ($host = mywebsite.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

server {
       listen 80;
        listen [::]:80;

       server_name mywebsite.com mywebsite.blah.com;

       root /var/www/html;
       index index.html;

       #passenger_enabled on;

       location / {
                rewrite ^(.*)$ https://$http_host:8080$request_uri redirect;
                try_files $uri $uri/ =404;
        }

        location !/\.ht {
                deny all;
        }

        location ~ \.php$ {
                # include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.4-fpm.sock;
        }
}

/etc/apache2/sites-available/website-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        Include /etc/letsencrypt/options-ssl-apache.conf
        RewriteEngine On


        RewriteCond %{HTTP:Upgrade} =websocket [NC]
    RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]

    ProxyPreserveHost On
    ProxyRequests Off
        ProxyPass / http://amazon-ec2-instance.com:8080/
        ProxyPassReverse / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
        ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/

        ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
        ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

        SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website-ssl.conf

server {
    include                     /etc/letsencrypt/options-ssl-nginx.conf;
    listen                      443 ssl;
    server_name                 mywebsite.com;
    ssl_certificate             /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/mywebsite.com/privkey.pem;

    root                        /var/www/html ;

    location / {
        proxy_pass                      http://mywebsite.com:8080/ ;
        proxy_set_header Host           $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cookie_domain http://mywebsite.com:8080/ $host;
        proxy_cookie_path / /;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }

    location /api/ws {
        proxy_pass http://mywebsite.com:8080/ ;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    }

    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;
}

/etc/apache2/sites-available/website-ssl2.conf

<IfModule mod_ssl.c>
<VirtualHost *:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ServerName mywebsite.com
        ServerAlias mywebsite.com mywebsite.blah.com
        SSLEngine on
        SSLProxyEngine on
        SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
        Include /etc/letsencrypt/options-ssl-apache.conf

    RewriteEngine On

    RewriteCond %{HTTP:Upgrade} =websocket               [NC]
    RewriteRule /(.*)           ws://localhost:8080/$1  [P,L]

        ProxyPreserveHost On
        ProxyRequests Off
        ProxyPass / http://localhost:8080/
        ProxyPassReverse / http://localhost:8080/
        ProxyPassReverseCookieDomain / http://localhost:8080/
        ProxyPassReverseCookiePath / http://localhost:8080/

        ProxyPass /api/ws wss://localhost:8080/
        ProxyPassReverse /api/ws wss://localhost:8080/

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        <Directory />
          Options FollowSymLinks
          AllowOverride All
        </Directory>

</VirtualHost>
</IfModule>

/etc/nginx/sites-available/website-ssl2.conf

server {
    include                     /etc/letsencrypt/options-ssl-nginx.conf;
    listen                      443 ssl;
    server_name                 mywebsite.com;

    ssl_certificate             /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
    ssl_certificate_key         /etc/letsencrypt/live/mywebsite.com/privkey.pem;

    location / {
        proxy_pass                      http://localhost:8080/;
        proxy_set_header Host           $host;
        proxy_set_header X-Real-IP      $remote_addr;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_cookie_domain http://localhost:8080/ $host;
        proxy_cookie_path / /;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
    }


    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    # Other directives specific to your configuration
    # ...
}

Responder1

Altere a primeira linha user nginx;do arquivo '/etc/nginx/nginx.conf' parauser www-data;

Em seguida, reinicie o servidor nginx

systemctl restart nginx

informação relacionada