在 express 上使用 ngix 和 ssl 实现的反向代理失败 [英] reverse proxy using ngix and ssl implementation on express failed
问题描述
我尝试在我的 node.js 应用程序中实现 ssl 但失败了.这是我的 app.js
https://gist.github.com/eldyvoon/7a1df560fd9d13da728f090p>eee 在开发 (localhost) 中,我收到您的连接不是私有的"错误.我以为是Chrome的问题. 所以我尝试将它部署到我的 ubuntu 服务器,我为我的 node.js 应用程序使用了 nginx 代理,我的配置如下 但 mysite.com 拒绝连接.我的节点控制台中没有错误.我为此坚持了几天,需要帮助.请注意,在尝试实施 ssl 之前,我的网站之前运行良好. 需要监听443端口并配置nginx使用一些证书. 类似于: 为您的 .pem 和 .key 文件添加正确的路径.您可以从 Let's Encrypt 免费获取证书. I try to implement ssl in my node.js app but failed. Here is my app.js https://gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801 In development (localhost) I got 'your connection is not private' error. I thought it was Chrome's problem. So I try to deploy it to my ubuntu server, I use nginx proxy for my node.js app, my config as below But mysite.com refused to connect. No error in my node's console. I stuck for few days for this, need help. Please note that my site is running fine previously before trying to implement ssl. You need to listen on port 443 and configure nginx to use some certificates. Something like: Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt. 这篇关于在 express 上使用 ngix 和 ssl 实现的反向代理失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!服务器{听80;server_name mysite.com;地点/{proxy_pass http://localhost:3001;proxy_http_version 1.1;proxy_set_header 升级 $http_upgrade;proxy_set_header 连接升级";proxy_set_header 主机 $host;}}服务器{听 443;server_name example.com;add_header Strict-Transport-Security "max-age=3600";ssl 上;ssl_certificate/.../chained2.pem;ssl_certificate_key/.../domain.key;ssl_session_timeout 5m;ssl_protocols TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256-SHA256:ECD-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;ssl_session_cache 共享:SSL:50m;ssl_prefer_server_ciphers on;地点/{proxy_pass http://localhost:3001;proxy_http_version 1.1;proxy_set_header 升级 $http_upgrade;proxy_set_header 连接升级";proxy_set_header 主机 $host;}}server {
listen 80;
server_name mysite.com;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
server {
listen 443;
server_name example.com;
add_header Strict-Transport-Security "max-age=3600";
ssl on;
ssl_certificate /.../chained2.pem;
ssl_certificate_key /.../domain.key;
ssl_session_timeout 5m;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
ssl_session_cache shared:SSL:50m;
ssl_prefer_server_ciphers on;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_set_header Host $host;
}
}
