【发布时间】:2018-07-02 23:42:36
【问题描述】:
我真的希望你们能帮助我。我迷失了设置 ssl 的不同指南。
当我尝试访问我的网站时,我只收到502 Bad Gateway。普通的旧 nginx 工作得很好,没有强制 ssl 的“简单”ssl 也工作得很好。
这是我的配置文件。
default.conf
## http://xn--srentorp-54a.dk redirects to https://xn--srentorp-54a.dk
server {
listen 80;
listen [::]:80;
server_name xn--srentorp-54a.dk;
include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://xn--srentorp-54a.dk$request_uri;
}
}
## http://www.xn--srentorp-54a.dk redirects to https://www.xn--srentorp-54a.dk
server {
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name www.xn--srentorp-54a.dk;
include /etc/nginx/snippets/letsencrypt.conf;
location / {
return 301 https://www.xn--srentorp-54a.dk$request_uri;
}
}
## https://xn--srentorp-54a.dk redirects to https://www.xn--srentorp-54a.dk
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name xn--srentorp-54a.dk;
ssl_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--srentorp-54a.dk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
include /etc/nginx/snippets/ssl.conf;
location / {
return 301 https://www.xn--srentorp-54a.dk$request_uri;
}
}
## Serves https://www.xn--srentorp-54a.dk
server {
server_name www.xn--srentorp-54a.dk;
listen 443 ssl http2 default_server;
listen [::]:443 ssl http2 default_server ipv6only=on;
ssl_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xn--srentorp-54a.dk/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/xn--srentorp-54a.dk/fullchain.pem;
include /etc/nginx/snippets/ssl.conf;
root /var/www/;
index index.html index.php;
location / {
try_files $uri $uri/ =404;
}
location ~ \.php$ {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
include fastcgi.conf;
}
location ~/\.ht {
deny all;
}
}
server {
listen 80;
server_name torpinc.xn--srentorp-54a.dk;
location / {
proxy_pass http://localhost:8081;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
server {
listen 80;
server_name perpt.xn--srentorp-54a.dk;
location / {
proxy_pass http://localhost:8082;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_connect_timeout 150;
proxy_send_timeout 100;
proxy_read_timeout 100;
proxy_buffers 4 32k;
client_max_body_size 8m;
client_body_buffer_size 128k;
}
}
letsencrypt.conf
location ^~ /.well-known/acme-challenge/ {
default_type "text/plain";
root /var/www/letsencrypt;
}
ssl.conf
sl_session_timeout 1d;
ssl_session_cache shared:SSL:50m;
ssl_session_tickets off;
ssl_protocols TLSv1.2;
ssl_ciphers EECDH+AESGCM:EECDH+AES;
ssl_ecdh_curve secp384r1;
ssl_prefer_server_ciphers on;
ssl_stapling on;
ssl_stapling_verify on;
add_header Strict-Transport-Security "max-age=15768000; includeSubdomains; preload";
add_header X-Frame-Options DENY;
add_header X-Content-Type-Options nosniff;
【问题讨论】:
-
欢迎来到 Stack Overflow。有一个关于提问的礼仪,你可以在这里阅读stackoverflow.com/help/how-to-ask。您的问题只是一个代码转储和“这不起作用”,这使得在不花费大量时间尝试重现问题的情况下很难提供解决方案。请提供更多信息,说明您认为问题出在哪里以及您尝试过的方法
-
感谢您的回复@mikkel。我想给你更多的信息,我只是不知道你需要什么信息。有什么日志等可以提供给你吗?
-
我解决了这个问题。它与这个问题有关。 stackoverflow.com/questions/23443398/…