我的需求是:
- 同一个域名范文,通过指定 URL 访问具体的端口
- 不使用二级域名
- 全局 https,强制 http 转 https
现在我解决了,http 和 https 共存,且可以通过 http 访问指美国服务器定 URL,但是当 https 访问时会 404
我的配置文件如下:
# sudo certbot certonly --webroot -w /usr/share/nginx/html/ -d hzzone.io
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
# multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
# server_tokens off;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
##
# Logging Settings
##
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
gzip_disable "msie6";
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
server {
listen 80;
listen 443 ssl;
# 域名,实际情况下时,将这个改成域名
server_name hzzone.io;
ssl on;
# 证书位置
ssl_certificate /etc/letsencrypt/live/hzzone.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hzzone.io/privkey.pem;
location /api {
proxy_pass http://localhost:1111/api;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header X-Real-IP $remote_addr;
}
location / {
proxy_pass https://localhost;
}
}
}
为什么当我使用 http 访问 域名 /api/子目录 时,是正常的,而 https 却 404 呢?我看了 access log,根本没有转发。
请问是什么原因导致的这个问题?
我的 python 代码如下:
```python
from flask import Flask
app = Flask(__name__)
@app.route('/api/latex')
def hello_world():
return 'Hello World!'
if __name__ == "__main__":
context = ('/etc/letsencrypt/live/hzzone.io/fullchain.pem', '/etc/letsencrypt/live/hzzone.io/privkey.pem')
app.run(host='0.0.0.0', ssl_context=context, port=1111)
app.run(host='0.0.0.0', ssl_context=context, port=1111)
```
即使我 flask 也使用 https,http 访问 502 Bad Gateway,https 访问 404 Not Found,即使我改成 `http://localhost:1111/api;`
location / 转发到 443 端口,这个有什么意义?自己转发到自己不就死循环了,你看了 error.log 吗
如果你想实现 http 转 https 可以用 rewrite 进行 301 跳转。
一个 server 上配两个端口行不行得通我不知道,一般 HTTP 和 https 的 server 是分开配置的
proxy_pass https://localhost;
这是要干嘛……
location / 这个地方有问题。如果是针对 http 的,你需要把两个端口分开来配。
```
2018/10/10 09:18:08 [error] 1798*4 open() "/usr/share/nginx/html/api/latex" failed (2: No such file or directory), client: 182.148.57.110, server: hzzone.io, request: "GET /api/latex HTTP/1.1", host: "hzzone.io"
```
把这几行删了之后还是一样的呀,404
我想做的事对指定 URL 转发到本机上的其他端口
分两个 server 吗??
https 不能多个端口吧
server {
listen 80;
server_name xxxx.com;
server_name www.xxxx.com;
access_log /home/wwwlogs/xxxx.access.log;
root /home/wwwroot/xxxx;
include enable-php.conf;
location / {
return 301 https://www.xxxx.com$request_uri;
}
}
server {
listen 443 ssl http2;
server_name www.xxxx.com;
root /home/wwwroot/xxxx;
ssl_certificate xxxx.pem;
ssl_certificate_key xxxx.key;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1.2;
ssl_session_timeout 5m;
ssl_prefer_server_ciphers on;
include enable-php.conf;
location / {
include wordpress.conf;
index index.php index.html index.htm;
}
location /api {
proxy_pass http://127.0.0.1:3000/api;
}
}
此贴结束,最终配成功了,需求如下:
http 全部转 https
指定 url 转发,例如 域名 /api/latex 转发 域名:1111/api/latex
配置文件如下:
```
user www-data;
worker_processes auto;
pid /run/nginx.pid;
events {
worker_connections 768;
multi_accept on;
}
http {
server {
listen 80;
server_name 域名;
rewrite ^/(.*) https://hzzone.io/$1 permanent;
}
server {
listen 443;
ssl on;
ssl_certificate /etc/letsencrypt/live/hzzone.io/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/hzzone.io/privkey.pem;
server_name 域名;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
location / {
checks for static files; if not found, proxy to app
$uri @proxy_to_app;
}
location /api {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $http_host;
proxy_redirect off;
proxy_pass http://localhost:1111/api;
}
}
}
```
谢谢哈,我已经配好了
ssh 账号给我 我去帮你配