Tenho tentado colocar meu site no ar depois de mudar do Apache2 para o nginx em meu servidor AWS Ubuntu 20.04. Traduzi os arquivos relevantes do Apache2 para minha configuração do nginx, mas não consigo obter acesso https seguro por meio da página. Minhas configurações podem ser verificadas?
Aloquei um IP elástico no lado da AWS e o redirecionei com um Anome em nossa plataforma de host da web. Consegui gerar os certificados SSL executando: sudo certbot certonly --webroot --agree-tos -w /etc/letsencrypt/ --expand -d mywebsite.com,mywebsite.blah.com.
Também posso carregar o site diretamente inserindo o endereço IP elástico diretamente na minha barra de pesquisa e a página da web carrega, mas comhttps riscado e uma mensagem de certificado inválido.
/etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server_names_hash_bucket_size 128;
include /etc/nginx/sites-enabled/*;
include /etc/letsencrypt/options-ssl-nginx.conf;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
#include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
disable_symlinks off;
}
/etc/apache2/sites-available/website.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite.com
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://amazon-ec2-instance.com:8080/
ProxyPassReverse / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website.conf
server {
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server {
listen 80;
listen [::]:80;
server_name mywebsite.com mywebsite.blah.com;
root /var/www/html;
index index.html;
#passenger_enabled on;
location / {
rewrite ^(.*)$ https://$http_host:8080$request_uri redirect;
try_files $uri $uri/ =404;
}
location !/\.ht {
deny all;
}
location ~ \.php$ {
# include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
}
/etc/apache2/sites-available/website-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://amazon-ec2-instance.com:8080/
ProxyPassReverse / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website-ssl.conf
server {
include /etc/letsencrypt/options-ssl-nginx.conf;
listen 443 ssl;
server_name mywebsite.com;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
root /var/www/html ;
location / {
proxy_pass http://mywebsite.com:8080/ ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cookie_domain http://mywebsite.com:8080/ $host;
proxy_cookie_path / /;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ws {
proxy_pass http://mywebsite.com:8080/ ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
}
/etc/apache2/sites-available/website-ssl2.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite.com
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPassReverseCookieDomain / http://localhost:8080/
ProxyPassReverseCookiePath / http://localhost:8080/
ProxyPass /api/ws wss://localhost:8080/
ProxyPassReverse /api/ws wss://localhost:8080/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website-ssl2.conf
server {
include /etc/letsencrypt/options-ssl-nginx.conf;
listen 443 ssl;
server_name mywebsite.com;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cookie_domain http://localhost:8080/ $host;
proxy_cookie_path / /;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Other directives specific to your configuration
# ...
}
Responder1
Altere a primeira linha user nginx;do arquivo '/etc/nginx/nginx.conf' parauser www-data;
Em seguida, reinicie o servidor nginx
systemctl restart nginx