我正在关注堆栈问题qazxsw poi来配置我的Spring Boot应用程序以使用https(certbot)但我的Nginx没有正确地重定向到我的应用程序。
更多上下文:我正在使用Cloudflare,将www.example.com(我的域)请求重定向到我拥有Nginx和Springboot应用程序的机器。我希望Nginx将端口80请求上的http重定向到我在端口8443(https)上运行的应用程序。我已经安装了certbot(letsencrypt)证书,并设置了我的nginx配置。
生成证书后的配置如下:
Springboot application.properties
How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?
更新1 >> Nginx /etc/nginx/nginx.conf
server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/mydomain/keystore.p12
server.ssl.key-store-password=mydomain
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=myAlias
输出命令nginx -T
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
log_format formatWithUpstreamLogging '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request';
access_log /var/log/nginx/access.log formatWithUpstreamLogging;
error_log /var/log/nginx/error.log;
server {
listen 80;
server_name www.example.com example.com;
return 301 https://$server_name$request_uri;
}
# SSL configuration
server {
listen 443 ssl;
server_name www.example.com example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://localhost:8443/;
}
}
}
输出命令nginx -T
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
log_format formatWithUpstreamLogging '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request';
access_log /var/log/nginx/access.log formatWithUpstreamLogging;
error_log /var/log/nginx/error.log;
server {
listen 80;
server_name www.example.com example.com;
return 301 https://$server_name$request_uri;
}
# SSL configuration
server {
listen 443 ssl;
server_name www.example.com example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://localhost:8443/;
}
}
}
更新2 >>> Nginx /etc/nginx/nginx.conf
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful
# configuration file /etc/nginx/nginx.conf:
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
log_format formatWithUpstreamLogging '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request';
access_log /var/log/nginx/access.log formatWithUpstreamLogging;
error_log /var/log/nginx/error.log;
server {
listen 80;
server_name www.example.com example.com;
return 301 https://$server_name$request_uri;
}
# SSL configuration
server {
listen 443 ssl;
server_name www.example.com example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://localhost:8443/;
}
}
}
当我启动nginx和我的springboot应用程序并尝试访问Chrome中的www.example.com时,我得到此页面(如下图所示)
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
log_format formatWithUpstreamLogging '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request';
access_log /var/log/nginx/access.log formatWithUpstreamLogging;
error_log /var/log/nginx/error.log;
server {
listen 80;
server_name www.codeonblue.com.br codeonblue.com.br;
ssl_certificate /etc/letsencrypt/live/codeonblue.com.br/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/codeonblue.com.br/privkey.pem;
# managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://localhost:8443/;
}
}
}
由于/var/log/nginx/error.log没有条目我检查了访问日志,并且有很多这样的请求(尽管我只做了一个请求):
Nginx访问日志(/var/log/nginx/access.log)
以下是卷曲结果:
卷曲 - 我[06/Mar/2019:12:59:52 +0000] <same-IP-address> - - - www.example.com to: -: GET / HTTP/1.1
https://www.example.com/
卷曲 - 我HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Mar 2019 14:32:26 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=d330e880850b37d5a9870c1edb71ab8c01551882746; expires=Thu, 05-Mar-20 14:32:26 GMT; path=/; domain=.example.com; HttpOnly
Location: https://www.example.com/
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Server: cloudflare
CF-RAY: 4b3509fdb8e0c879-MIA
http://www.example.com/
谁能在这个问题上帮助我?我错过了什么?
更新3 >>> nginx.conf中的更多更改和清理cloudflare缓存
Nginx /etc/nginx/nginx.conf
HTTP/1.1 301 Moved Permanently
Date: Wed, 06 Mar 2019 14:32:56 GMT
Content-Type: text/html
Connection: keep-alive
Set-Cookie: __cfduid=d9e1f2908ee4037d46bffa6866549c3151551882776; expires=Thu, 05-Mar-20 14:32:56 GMT; path=/; domain=.example.com; HttpOnly
Location: https://www.example.com/
Server: cloudflare
CF-RAY: 4b350ab9d83fc895-MIA
在此更新后,部分问题得以解决:
卷曲测试
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
log_format formatWithUpstreamLogging '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request';
#main log format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
server {
listen 80;
server_name www.codeonblue.com.br codeonblue.com.br;
ssl_certificate /etc/letsencrypt/live/codeonblue.com.br/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/codeonblue.com.br/privkey.pem;
# managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://localhost:8443/;
}
}
}
在Firefox / Chrome浏览器中,前端部分是可见的,如下图所示:
火狐
curl -I http://www.example.com
HTTP/1.1 200
Date: Wed, 06 Mar 2019 22:19:11 GMT
Content-Type: text/html;charset=UTF-8
Connection: keep-alive
Set-Cookie: __cfduid=d3f91ee93c3657a851354dbb4f03741a31551910750; expires=Thu, 05-Mar-20 22:19:10 GMT; path=/; domain=.example.com; HttpOnly
Last-Modified: Wed, 06 Mar 2019 22:03:01 GMT
Accept-Ranges: bytes
Content-Language: en-US
Server: cloudflare
CF-RAY: 4b37b5b08cf05eb2-TPA
铬
新问题:
在访问日志中,我访问过:
Nginx访问日志(/var/log/nginx/access.log)
http://www.example.com.br
在Postman中,当我尝试访问端点时:
172.68.78.24 - - [06/Mar/2019:22:19:11 +0000] "HEAD / HTTP/1.1" 200 0 "-" "curl/7.47.0" "<ip-address-of-my-machine>"
172.68.78.24 - - [06/Mar/2019:22:19:46 +0000] "GET / HTTP/1.1" 200 578 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "<ip-address-of-my-machine>"
172.68.78.36 - - [06/Mar/2019:22:19:46 +0000] "GET /runtime.js HTTP/1.1" 200 6224 "https://www.example.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "<ip-address-of-my-machine>"
172.68.78.42 - - [06/Mar/2019:22:19:46 +0000] "GET /main.js HTTP/1.1" 200 19198 "https://www.example.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "<ip-address-of-my-machine>"
172.68.78.54 - - [06/Mar/2019:22:19:46 +0000] "GET /styles.js HTTP/1.1" 200 185363 "https://www.example.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "<ip-address-of-my-machine>"
172.68.78.96 - - [06/Mar/2019:22:19:46 +0000] "GET /polyfills.js HTTP/1.1" 200 228524 "https://www.example.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "<ip-address-of-my-machine>"
172.68.78.42 - - [06/Mar/2019:22:19:46 +0000] "GET /vendor.js HTTP/1.1" 200 6821593 "https://www.example.com/" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "<ip-address-of-my-machine>"
172.68.78.18 - - [06/Mar/2019:22:19:48 +0000] "GET /favicon.ico HTTP/1.1" 200 5430 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:65.0) Gecko/20100101 Firefox/65.0" "<ip-address-of-my-machine>"
172.68.78.60 - - [06/Mar/2019:22:20:36 +0000] "GET / HTTP/1.1" 200 578 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "<ip-address-of-my-machine>"
172.68.78.60 - - [06/Mar/2019:22:21:33 +0000] "GET / HTTP/1.1" 200 578 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "<ip-address-of-my-machine>"
172.68.78.60 - - [06/Mar/2019:22:22:06 +0000] "GET / HTTP/1.1" 304 0 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/72.0.3626.121 Safari/537.36" "<ip-address-of-my-machine>"
221.229.166.47 - - [06/Mar/2019:22:32:53 +0000] "GET / HTTP/1.1" 200 578 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1" "-"
172.68.78.60 - - [06/Mar/2019:22:44:06 +0000] "GET / HTTP/1.1" 200 578 "-" "PostmanRuntime/7.1.1" "<ip-address-of-my-machine>"
我得到一个很大的输出,我认为这部分更重要:
https://www.example.com:8443/api/cars
我认为超时是由于我访问我的服务/端点的错误方式。那么,我现在应该如何访问它?如何设置nginx以使用certbot证书而不是cloudflare?
我的问题部分解决了。这是我的场景和我使用的配置:
Springboot application.properties
(...)
<title>www.example.com | 522: Connection timed out</title>
(...)
<h2 class="cf-subheadline">Connection timed out</h2>
(...)
<span class="cf-status-desc">www.example.com</span>
(...)
<h2>What happened?</h2>
<p>The initial connection between Cloudflare's network and the origin web server timed out. As a result, the web page can not be displayed.</p>
<h5>If you're the owner of this website:</h5>
<span>Contact your hosting provider letting them know your web server is not completing requests. An Error 522 means that the request was able to connect to your web server, but that the request didn't finish. The most likely cause is that
something on your server is hogging resources.
</span>
(...)
Angular 6服务应该如何使用API
server.port=8443
security.require-ssl=true
server.ssl.key-store=/etc/letsencrypt/live/www.example.com/keystore.p12
server.ssl.key-store-password=www.example.com
server.ssl.keyStoreType=PKCS12
server.ssl.keyAlias=myAlias
Nginx /etc/nginx/nginx.conf
getAll(): Observable<any> {
return this.http.get('/api/cars'); // production
}
其他设置:
pid /run/nginx.pid;
events {
worker_connections 768;
}
http {
log_format formatWithUpstreamLogging '[$time_local] $remote_addr - $remote_user - $server_name to: $upstream_addr: $request';
#main log format
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
error_log /var/log/nginx/error.log;
server {
listen 80;
server_name www.example.com example.com;
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;
# managed by Certbot
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-NginX-Proxy true;
proxy_pass https://localhost:8443/;
proxy_redirect http://localhost:8443/ https://localhost:8443/;
}
}
}
)但是,http流量仍未被Nginx重定向到https
如果有人知道如何使这个重定向工作,请告诉我:)
Ps。:我要感谢How can I set up a letsencrypt SSL certificate and use it in a Spring Boot application?在这个问题上花了所有的帮助和时间!