反向代理使用ngix和ssl实现express表示失败 [英] reverse proxy using ngix and ssl implementation on express failed

问题描述

我尝试在我的node.js应用程序中实现ssl但失败。这是我的app.js

I try to implement ssl in my node.js app but failed. Here is my app.js

https：/ /gist.github.com/eldyvoon/7a1df560fd9d13da74d090e28f7ee801

在开发（localhost）中，我得到'你的连接不是私人的'错误。我以为这是Chrome的问题。

In development (localhost) I got 'your connection is not private' error. I thought it was Chrome's problem.

所以我尝试将其部署到我的ubuntu服务器，我使用nginx代理我的node.js应用程序，我的配置如下

So I try to deploy it to my ubuntu server, I use nginx proxy for my node.js app, my config as below

server {

    listen 80;

    server_name mysite.com;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

}

但是mysite.com拒绝连接。我的节点的控制台没有错误。我停了好几天，需要帮忙。请注意，我的网站在尝试实现ssl之前运行正常。

But mysite.com refused to connect. No error in my node's console. I stuck for few days for this, need help. Please note that my site is running fine previously before trying to implement ssl.

推荐答案

您需要在端口443上侦听并配置nginx使用一些证书。

You need to listen on port 443 and configure nginx to use some certificates.

某些东西：

server {
    listen 443;
    server_name example.com;
    add_header Strict-Transport-Security "max-age=3600";
    ssl on;
    ssl_certificate /.../chained2.pem;
    ssl_certificate_key /.../domain.key;
    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA;
    ssl_session_cache shared:SSL:50m;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
    }

}

为.pem添加正确的路径和.key文件。您可以从我们加密免费获得证书。

Add correct paths to your .pem and .key files. You can get the certificate for free from Let's Encrypt.

这篇关于反向代理使用ngix和ssl实现express表示失败的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！