在 nginx 伺服器中安裝 SSL 憑證後無法登入我的節點應用程式

tag-icon tag-icon nginx ssl ssl-certificate ssl-certificate-errors
在 nginx 伺服器中安裝 SSL 憑證後無法登入我的節點應用程式

我有一個節點應用程序,其前端部署在 Nginx http Web 伺服器中,後端(分子微服務)部署在 AWS ec2 Linux VM 上的節點伺服器中。應用程式 URL 本質上是這個 Linux 伺服器主機名稱或公用 ipv4 位址(http://hostname:80 或 http://ipv4:8080 ),因為這個 URL 不安全,我想使用 SSL 來保護它,並且能夠為此,我從cloudns.net 購買了一個域名,並將其指向我的ec2 實例的公共ipv4。現在,我使用 certbot 和 letencrpt.org 在 Nginx 伺服器中安裝了 SSL 證書,現在我的登入頁面中有 https,並且 SSL 證書正確顯示(https://host.mypurchaseddomainname)。現在,當我嘗試透過傳遞憑證登入我的應用程式時,它不允許我進入,並且在使用檢查元素(我使用的是 chrome)進行檢查時,請求 URL 不返回任何內容,並且錯誤為 ERR_CONNECTION_CLOSED。此請求 URL 是在 8082 連接埠上發出請求的 post 方法。請求URL 如下所示: https://hostname:8082/v1/auth/signin 這裡要提到的另一件事是,在安裝SSL 之前,應用程式的端點URL 可以附加連接埠號碼80、8080,輸入後,它會最終變成只是主機名稱(http://hostname/signin?),但安裝SSL 後,如果我將任何內容附加到https URL(例如https://mypurchasedhostname:8080),它會拋出錯誤:網站無法存取已達到,這顯然與登入請求 URL 發生的情況相同。儘管這些連接埠 (80,8080) 在使用 http://hostname 時最終會變成 https://hostname/somewelcometext 並且登入頁面會開啟。

我不確定是否是伺服器配置問題或後端也需要更改某些內容。請注意,我的登入請求 URL 之前有 http,我從後端更改為 https,以避免混合內容錯誤。以下是nginx.conf新增 SSL 配置之前和之後的檔案。

無 SSL:

sudo vim /etc/nginx/nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

  #Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

     server {
        listen       80 default_server;
        listen       8080 default_server;
        server_name  mypurchasedhostname;
        root         /usr/share/nginx/html;
        index        index.html;



        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        location / {
            try_files $uri $uri/ /index.html;
            add_header Cache-Control 'no-cache';
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }
    }}

使用 SSL:

sudo vim /etc/nginx/nginx.conf

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log;
pid /run/nginx.pid;

    # Load dynamic modules. See /usr/share/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    tcp_nodelay         on;
    keepalive_timeout   65;
    types_hash_max_size 2048;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

     server {
        listen       80 default_server;
        listen       8080 default_server;
        server_name  mypurchasedhostname;
       # root         /usr/share/nginx/html;
       # index        index.html;
       return 301 https://$host$request_uri;

    }


#SSL settings

server {

    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name  mypurchasedhostname;
    root         /usr/share/nginx/html;
    index        index.html;

    ssl_certificate /etc/letsencrypt/live/mypurchasedhostname/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/mypurchasedhostname/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m;  # about 40000 sessions
    ssl_session_tickets off;

    # curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam
    # ssl_dhparam /path/to/dhparam;

    # intermediate configuration
    ssl_protocols TLSv1.2;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384;
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (63072000 seconds)
    add_header Strict-Transport-Security "max-age=63072000" always;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;

    # verify chain of trust of OCSP response using Root CA and Intermediate certs
    # ssl_trusted_certificate /path/to/root_CA_cert_plus_intermediates;

    # replace with the IP address of your resolver
    resolver 8.8.8.8;
    # Load configuration files for the default server block.

        include /etc/nginx/default.d/*.conf;

        location / {
            try_files $uri $uri/ /index.html;
            add_header Cache-Control 'no-cache';
        }

        error_page 404 /404.html;
            location = /40x.html {
        }

        error_page 500 502 503 504 /50x.html;
            location = /50x.html {
        }

}

}

相關內容