NGINX SSL/路由

tag-icon tag-icon nginx ssl routing
NGINX SSL/路由

這個問題是我之前遇到的問題的延伸,我想將 IP 位址路由到我啟用 SSL 的主機名,現在可以正常工作,但我注意到,在 chrome 瀏覽器上我可以看到安全掛鎖圖示它工作得很好,但在Firefox 和EDGE 上,它會給我安全警告。

NGINX 檔案中的以下程式碼是否需要一些額外的輸入?

這是原始問題供參考- 使用下面的 nginx 設定修復了這個問題。

我有我的網域 example.com,所以當有人點擊時www.example.com 或 example.com 請求會自動定向到 https://example.com- 效果很好。但是,當我使用節點應用程式 1.2.3.4 的 IP 位址時,它不會路由到https://example.com這是啟用 SSL 的。如果我使用 IP 位址,它會顯示同一頁面,但沒有掛鎖圖示。

那我如何將請求路由到https://example.com當有人輸入節點應用程式的IP位址?

我的 Node JS APP 託管在 AWS EC2 執行個體上,我還使用 certbot (LetsEncrpyt) 安裝了 ssl。這是我的 nginx 檔案。

 events {
  worker_connections  4096;  ## Default: 1024
}

http {
 
 
  index    index.html index.htm;

  default_type application/octet-stream;
  log_format   main '$remote_addr - $remote_user [$time_local]  $status '
    '"$request" $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';
  access_log   logs/access.log  main;
  sendfile     on;
  tcp_nopush   on;
  server_names_hash_bucket_size 128; # this seems to be required for some vhosts


# Settings for normal server listening on port 80
server {
  listen       80 default_server;
  listen       [::]:80 default_server;
  server_name  example.com www.example.com 1.2.3.4;
  root         /usr/share/nginx/html;
  # location / {
  # }
  # Redirect non-https traffic to https

  if ($host = 1.2.3.4){
    return 301 https://www.example.com;
  }

  if ($scheme != "https") {
    return 301 https://$host$request_uri;
  }
}
# Settings for a TLS enabled server.
server {
  listen       443 ssl http2 default_server;
  listen       [::]:443 ssl http2 default_server;
  server_name  example.com www.example.com 1.2.3.4;
  root         /usr/share/nginx/html;
  ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
  ssl_certificate_key  /etc/letsencrypt/live/example.com/privkey.pem;
ssl_dhparam "/etc/pki/nginx/dhparams.pem";

  if ($host = $server_addr){
    return 301 https://www.example.com;
  }


  location / {
    proxy_pass http://127.0.0.1:3000;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
    proxy_cache_bypass $http_upgrade;
  }
}
}

這些是Firefox的截圖我剛剛遮住了域名

在此輸入影像描述

After clicking on the Error code : SSL_ERROR_BAD_CERT_DOMAIN, this is what I get 

https://www.example.com/

Unable to communicate securely with peer: requested domain name does not match the server’s certificate.

HTTP Strict Transport Security: false
HTTP Public Key Pinning: false

Certificate chain:

-----BEGIN CERTIFICATE-----
MIIFUTCCBDmgAwIBAgISA152qQHyniTjMg0Mtz+8CCp1MA0GCSqGSIb3DQEBCwUA
MEoxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MSMwIQYDVQQD    
D7Zz5D2d1ZMoxEjNrcLOCIzip2s/4qSpWua6HF48N4asHa81ZEggYeUtdXkBHSf8
75g2yCVPuu29aQtiA4vNl1gjf7YHsI8IwfkmgFNT924MLSiXJLT9iJfr2uO7mclH
Mm/FXWtrWa/DilLSloBCmeG200mBQW9/xs090OARt4sBnxoEgMcCAwEAAaOCAmIw
ggJeMA4GA1UdDwEB/wQEAwIFoDAdBgNVHSUEFjAUBggrBgEFBQcDAQYIKwYBBQUH
AwIwDAYDVR0TAQH/BAIwADAdBgNVHQ4EFgQUiojLfrHzxUcS4JxPnVMRh7x/XCIw
HwYDVR0jBBgwFoAUqEpqYwR93brm0Tm3pkVl7/Oo7KEwbwYIKwYBBQUHAQEEYzBh
MC4GCCsGAQUFBzABhiJodHRwOi8vb2NzcC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
MC8GCCsGAQUFBzAChiNodHRwOi8vY2VydC5pbnQteDMubGV0c2VuY3J5cHQub3Jn
LzAXBgNVHREEEDAOggxjbGFzc2V0dGUuaW4wTAYDVR0gBEUwQzAIBgZngQwBAgEw
NwYLKwYBBAGC3xMBAQEwKDAmBggrBgEFBQcCARYaaHR0cDovL2Nwcy5sZXRzZW5j
cnlwdC5vcmcwggEFBgorBgEEAdZ5AgQCBIH2BIHzAPEAdwDnEvKwN34aYvuOyQxh
hPHqezfLVh0RJlvz4PNL8kFUbgAAAXP75SGAAAAEAwBIMEYCIQDOjjKOgXdziPeX
QVliGqyHwLUTE1ZthYmPJuUI8mSiqgIhAIqgFEOYmqWNFWOyAYrX2kBYEdrrxwBT
BQBxXT98vQJ3AHYAsh4FzIuizYogTodm+Su5iiUgZ2va+nDnsklTLe+LkF4AAAFz
++UhewAABAMARzBFAiEA7MEZ7J9bFOTVtMNZxD8ype1AEyefYWpM+XOuN7NM1koC
IBF4zOJEeJ5tP5vUGPZ4eYqmufGuT84wxleTwlg2zUBeMA0GCSqGSIb3DQEBCwUA
A4IBAQAAG8CxDGmt4zsoodG2o94/uFdx1keBPMUo1HjV1ZwMEMIEVlpS2UbYqwSj
eI88EKGYYFrUIAqpf6YI64F9qYXIOnd9+ckTtz4vjtgGdYV7s5j5+HaV7NPjDtkr
s+nMYtWVPGIXbUZCjItbfreGW86ayFf6uXESN6reiNpXJsmbEp7d8n/9gVoez2RZ
y8TOrdefZ5osN2MBwNSTmZ5YtF/7MJELWerghR3iJ2sNSp7/Y6rCcrBpULMFyoc0
4JGmgcy1T8Bk8eQOeCAg75qKWuWESylOZnxwi6c23SxdYZk2/EqYDL6fg3OJCmtK
C5JUytStqLcBEVj7AnC2daKJQyWq
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEkjCCA3qgAwIBAgIQCgFBQgAAAVOFc2oLheynCDANBgkqhkiG9w0BAQsFADA/
MSQwIgYDVQQKExtEaWdpdGFsIFNpZ25hdHVyZSBUcnVzdCBDby4xFzAVBgNVBAMT
DkRTVCBSb290IENBIFgzMB4XDTE2MDMxNzE2NDA0NloXDTIxMDMxNzE2NDA0Nlow
SjELMAkGA1UEBhMCVVMxFjAUBgNVBAoTDUxldCdzIEVuY3J5cHQxIzAhBgNVBAMT
GkxldCdzIEVuY3J5cHQgQXV0aG9yaXR5IFgzMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAnNMM8FrlLke3cl03g7NoYzDq1zUmGSXhvb418XCSL7e4S0EF
q6meNQhY7LEqxGiHC6PjdeTm86dicbp5gWAf15Gan/PQeGdxyGkOlZHP/uaZ6WA8    
CCsGAQUFBzABhiZodHRwOi8vaXNyZy50cnVzdGlkLm9jc3AuaWRlbnRydXN0LmNv
bTA7BggrBgEFBQcwAoYvaHR0cDovL2FwcHMuaWRlbnRydXN0LmNvbS9yb290cy9k
c3Ryb290Y2F4My5wN2MwHwYDVR0jBBgwFoAUxKexpHsscfrb4UuQdf/EFWCFiRAw
VAYDVR0gBE0wSzAIBgZngQwBAgEwPwYLKwYBBAGC3xMBAQEwMDAuBggrBgEFBQcC
ARYiaHR0cDovL2Nwcy5yb290LXgxLmxldHNlbmNyeXB0Lm9yZzA8BgNVHR8ENTAz
MDGgL6AthitodHRwOi8vY3JsLmlkZW50cnVzdC5jb20vRFNUUk9PVENBWDNDUkwu
Y3JsMB0GA1UdDgQWBBSoSmpjBH3duubRObemRWXv86jsoTANBgkqhkiG9w0BAQsF
AAOCAQEA3TPXEfNjWDjdGBX7CVW+dla5cEilaUcne8IkCJLxWh9KEik3JHRRHGJo
uM2VcGfl96S8TihRzZvoroed6ti6WqEBmtzw3Wodatg+VyOeph4EYpr/1wXKtx8/
wApIvJSwtmVi4MFU5aMqrSDE6ea73Mj2tcMyo5jMd6jmeWUHK8so/joWUoHOUgwu
X4Po1QYz+3dszkDqMp4fklxBwXRsW10KXzPMTZ+sOPAveyxindmjkW8lGy+QsRlG
PfZ+G6Z6h7mjem0Y+iWlkYcV4PIWL1iwBi8saCbGS5jN2p8M+X+Q7UNKEkROb3N6
KOqkqm57TH2H3eDJAkSnh6/DNFu0Qg==
-----END CERTIFICATE-----

對於 EDGE 瀏覽器,它顯示“不安全:https://1.2.3.4”,其中 https 已刪除。

但對於 chrome 來說一切正常。沒有錯誤或警告

相關內容