在我的 AWS Ubuntu 20.04 伺服器上從 apache2 遷移到 nginx 後,我一直在嘗試啟動我的網站。我已將相關文件從 apache2 翻譯到我的 nginx 配置,但是我似乎無法透過頁面獲得安全的 https 存取權。我的配置可以進行健全性檢查嗎?
A我已在 AWS 端指派了一個彈性 IP,並使用我們的 Web 主機平台上的名稱重新路由該 IP 。我已經能夠透過運行來產生 SSL 憑證:sudo certbot certonly --webroot --agree-tos -w /etc/letsencrypt/ --expand -d mywebsite.com,mywebsite.blah.com。
我還可以透過直接在搜尋欄中輸入彈性 IP 位址來直接載入網站,然後載入網頁,但使用https 劃掉並顯示無效的證書訊息。
/etc/nginx/nginx.conf
user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log debug;
pid /var/run/nginx.pid;
events {
worker_connections 1024;
}
http {
server_names_hash_bucket_size 128;
include /etc/nginx/sites-enabled/*;
include /etc/letsencrypt/options-ssl-nginx.conf;
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
sendfile on;
#tcp_nopush on;
keepalive_timeout 65;
#gzip on;
#include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*.conf;
disable_symlinks off;
}
/etc/apache2/sites-available/website.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite.com
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://amazon-ec2-instance.com:8080/
ProxyPassReverse / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website.conf
server {
if ($host = mywebsite.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server {
listen 80;
listen [::]:80;
server_name mywebsite.com mywebsite.blah.com;
root /var/www/html;
index index.html;
#passenger_enabled on;
location / {
rewrite ^(.*)$ https://$http_host:8080$request_uri redirect;
try_files $uri $uri/ =404;
}
location !/\.ht {
deny all;
}
location ~ \.php$ {
# include snippets/fastcgi-php.conf;
fastcgi_pass unix:/run/php/php7.4-fpm.sock;
}
}
/etc/apache2/sites-available/website-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://amazon-ec2-instance.com:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://amazon-ec2-instance.com:8080/
ProxyPassReverse / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookieDomain / http://amazon-ec2-instance.com:8080/
ProxyPassReverseCookiePath / http://amazon-ec2-instance.com:8080/
ProxyPass /api/ws wss://amazon-ec2-instance.com:8080/
ProxyPassReverse /api/ws wss://amazon-ec2-instance.com:8080/
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
SSLCertificateFile /etc/letsencrypt/live/mywebsite/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite/privkey.pem
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website-ssl.conf
server {
include /etc/letsencrypt/options-ssl-nginx.conf;
listen 443 ssl;
server_name mywebsite.com;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
root /var/www/html ;
location / {
proxy_pass http://mywebsite.com:8080/ ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cookie_domain http://mywebsite.com:8080/ $host;
proxy_cookie_path / /;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
location /api/ws {
proxy_pass http://mywebsite.com:8080/ ;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
}
/etc/apache2/sites-available/website-ssl2.conf
<IfModule mod_ssl.c>
<VirtualHost *:443>
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html
ServerName mywebsite.com
ServerAlias mywebsite.com mywebsite.blah.com
SSLEngine on
SSLProxyEngine on
SSLCertificateFile /etc/letsencrypt/live/mywebsite.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mywebsite.com/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
RewriteEngine On
RewriteCond %{HTTP:Upgrade} =websocket [NC]
RewriteRule /(.*) ws://localhost:8080/$1 [P,L]
ProxyPreserveHost On
ProxyRequests Off
ProxyPass / http://localhost:8080/
ProxyPassReverse / http://localhost:8080/
ProxyPassReverseCookieDomain / http://localhost:8080/
ProxyPassReverseCookiePath / http://localhost:8080/
ProxyPass /api/ws wss://localhost:8080/
ProxyPassReverse /api/ws wss://localhost:8080/
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
<Directory />
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>
</IfModule>
/etc/nginx/sites-available/website-ssl2.conf
server {
include /etc/letsencrypt/options-ssl-nginx.conf;
listen 443 ssl;
server_name mywebsite.com;
ssl_certificate /etc/letsencrypt/live/mywebsite.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/mywebsite.com/privkey.pem;
location / {
proxy_pass http://localhost:8080/;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_cookie_domain http://localhost:8080/ $host;
proxy_cookie_path / /;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
}
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
# Other directives specific to your configuration
# ...
}
答案1
user nginx;將檔案“/etc/nginx/nginx.conf”的第一行更改為user www-data;
然後重啟nginx伺服器
systemctl restart nginx