Nginx和Certbot不会转发到443，而只会转发到ASPNET核心和Kestrel上的端口5001 [英] Nginx and Certbot won't forward to 443, only port 5001 on aspnet core and kestrel

问题描述

我正在尝试使用以下设置来部署aspnet core 2.2站点，但是当输入url somesite.co.uk时，它将转发到端口5001而不是443.有人可以发现我在做什么吗?

I'm trying to deploy an aspnet core 2.2 site with the following setup but when entering url somesite.co.uk it forwards to port 5001 and not 443. Can anyone spot what I'm doing wrong?

在浏览器中输入somesite.co.uk时，它将重定向到https://somesite.co.uk:5001

When entering somesite.co.uk in a browser it redirects to https://somesite.co.uk:5001

C#-程序

public class Program
{
    public static void Main(string[] args)
    {
        CreateWebHostBuilder(args).Build().Run();
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>();
}

C#-appsettings.json

C# - appsettings.json

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://0.0.0.0:5000"
      },
      "Https": {
        "Url": "https://0.0.0.0:5001"
      }
    }
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Linux-/etc/systemd/system/kestrel-somesite.service

Linux - /etc/systemd/system/kestrel-somesite.service

[Service]
WorkingDirectory=/usr/share/nginx/html
ExecStart=/usr/bin/dotnet /usr/share/nginx/html/somesite.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-coretest
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=ASPNETCORE_HTTPS_PORT=5001
Environment=ASPNETCORE_URLS=http://*:5000;https://*:5001

[Install]
WantedBy=multi-user.target

Linux-/etc/nginx/sites-available/first.conf

Linux - /etc/nginx/sites-available/first.conf

server {

    server_name somesite.co.uk;
    root /usr/share/nginx/html;

        location / {
            proxy_pass         http://localhost:5000;
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/somesite.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/somesite.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}server {
    if ($host = somesite.co.uk) {
        return 301 https://$server_name$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name somesite.co.uk;
    return 404; # managed by Certbot

}

推荐答案

但是您还记得在启动时使用app.UseForwaredHeaders吗?

But have you remembered to use app.UseForwaredHeaders in startup?

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
   ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

通常，您不必在服务文件中指定端口(最后两个环境行). 我建议浏览 linode上的文档也是nginx ，除了

Usually you don't have to specify ports in the service file (the last two environment lines). I recommend going over the docs at linode for nginx too, they are helpful in addition to the official docs in microsoft's site.

这篇关于Nginx和Certbot不会转发到443，而只会转发到ASPNET核心和Kestrel上的端口5001的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！