我正在使用docker-compose和拥有有效的letsencrypt证书在Ubuntu 16上部署keystonejs应用程序。
我在keystone.js中添加了以下设置
'ssl': true
'port': 3000,
'admin path': 'admin',
'ssl cert': '/etc/letsencrypt/live/mydomain.com/fullchain.pem',
'ssl key': '/etc/letsencrypt/live/mydomain.com/privkey.pem',
'letsencrypt': (process.env.NODE_ENV === 'production') && {
email: '[email protected]',
domains: ['www.mydomain.com', 'mydomain.com'],
register: true,
tos: true,
},
服务器开始正常显示我:
app |
app | ------------------------------------------------
app | KeystoneJS v4.0.0 started:
app | mydomain is ready on http://0.0.0.0:3000
app | SSL Server is ready on https://0.0.0.0:3001
app | ------------------------------------------------
app |
但是当我访问我的网站时。它不会在浏览器的url选项卡中显示为安全。它显示一个小感叹号(!)说:您与此站点的连接不安全。
我的服务器上有apache2。
在/etc/apache2/sites-available/mydomain.com.conf下我有这个:
<VirtualHost *:80>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin [email protected]
ServerName mydomain.com
ServerAlias www.mydomain.com
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html
DocumentRoot /var/www/html/mydomain.com/
# Log file locations
LogLevel warn
ErrorLog /var/www/html/mydomain.com/log/error.log
CustomLog /var/www/html/mydomain.com/log/access.log combined
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
ProxyPreserveHost On
RewriteEngine on
RewriteCond %{SERVER_NAME} =www.mydomain.com [OR]
RewriteCond %{SERVER_NAME} =mydomain.com
RewriteRule ^ https://%{SERVER_NAME}%{REQUEST_URI} [END,NE,R=permanent]
</VirtualHost>
在/etc/apache2/sites-available/mydomain.com.le.ssl.conf下
<IfModule mod_ssl.c>
<VirtualHost *:443>
# Admin email, Server Name (domain name), and any aliases
ServerAdmin [email protected]
ServerName mydomain.com
ServerAlias www.mydomain.com
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html
DocumentRoot /var/www/html/mydomain.com/
# Log file locations
LogLevel warn
ErrorLog /var/www/html/mydomain.com/log/error.log
CustomLog /var/www/html/mydomain.com/log/access.log combined
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
ProxyPreserveHost On
Include /etc/letsencrypt/options-ssl-apache.conf
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/mydomain.com/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/mydomain.com/privkey.pem
</VirtualHost>
</IfModule>
我已经尝试将ProxyPass和ProxyPassReverse指向3001端口。但该网站永远不会被访问。任何帮助都非常感谢。
尝试在keystone中禁用SSL。在通过Apache服务器代理流量时,您不需要它。它将处理证书,并在本地与keystone通信,无需SSL。然后你可以阻止从外面进入的3000端口。