что я должен сделать для https в nginx / express? - PullRequest
/ 04 ноября 2018

моя цель ...

  1. клиент ------> порт 80.
  2. 80 ----------> 443 (перенаправление в nginx, для https)
  3. 443 ---------> 3000 (проксирование через nginx)
  4. Express-сервер слушает порт 3000.

Когда я пытаюсь открыть сайт по доменному имени, я получаю только сообщение: «cannot connect site, domain.com deny your access».

Настройки nginx — /etc/nginx/sites-available/default

> # Plain-HTTP listener: accepts port 80 on IPv4 and IPv6 and does nothing except
> # redirect every request to the HTTPS site.
> # NOTE(review): as rendered on this page the "server {" opener sits on the same
> # line as the "# HTTP" comment and the closing "}" trails the return directive.
> # In the real file "server {" must be on its own uncommented line, otherwise
> # nginx treats it as part of the comment and the block never opens.
> # HTTP server {
>         listen 80 default_server;
>         listen [::]:80 default_server;
>         server_name domain.com www.domain.com;
> 
>         access_log /var/log/nginx/domain.access.log;
>         error_log /var/log/nginx/error.log;
> 
>         # redirect to https
>         # $server_name expands to the first name listed in server_name (domain.com),
>         # so a request for www.domain.com is redirected to https://domain.com/...
>         # NOTE(review): the certificate paths in the HTTPS block live under
>         # live/www.domain.com - confirm that certificate also covers domain.com,
>         # or redirect to $host instead.
>         return 301 https://$server_name$request_uri; }

> # TLS listener: terminates HTTPS on port 443 (IPv4 and IPv6) and reverse-proxies
> # every request to the Express process on http://localhost:3000.
> # NOTE(review): as rendered on this page the "server {" opener sits on the same
> # line as the "# HTTPS" comment; in the real file it must be on its own
> # uncommented line.
> # HTTPS server {
>         listen 443 ssl;
>         listen [::]:443 ssl;
>         # With server_name commented out this block has no name of its own and only
>         # serves as the implicit default for port 443. Uncommenting it makes the
>         # HTTPS block match the same names as the HTTP block.
>         #server_name domain.com www.domain.com;
> 
>         access_log /var/log/nginx/domain.access.log;
>         error_log /var/log/nginx/error.log;
> 
>         # "ssl on;" is redundant with the "ssl" flag on the listen lines above. The
>         # directive was made obsolete in nginx 1.15.0 and removed in 1.25.1, where
>         # it makes the configuration test fail.
>         ssl on;
> 
>         # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
>         ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
>         # The private key must stay readable only by root / the nginx master process.
>         ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
> 
>         # Session resumption: 1-day lifetime, 50 MB cache shared between workers,
>         # session tickets disabled.
>         ssl_session_timeout 1d;
>         ssl_session_cache shared:SSL:50m;
>         ssl_session_tickets off;
> 
>         # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
>         # NOTE(review): certbot does not normally place a dhparam.pem in the live/
>         # directory - confirm this file exists, since nginx refuses to start when
>         # a referenced file is missing.
>         ssl_dhparam /etc/letsencrypt/live/www.domain.com/dhparam.pem;
> 
>         # intermediate configuration. tweak to your needs.
>         # TLSv1 and TLSv1.1 are deprecated (RFC 8996); limiting this list to
>         # TLSv1.2 (plus TLSv1.3 where the nginx/OpenSSL build supports it) removes
>         # the downgrade surface.
>         ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
>         # NOTE(review): the cipher list below is cut off at the trailing "$", which
>         # looks like a terminal editor's line-truncation marker. As shown, the
>         # closing quote and ";" are missing; the real line must end with "';".
>         ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
>         ssl_prefer_server_ciphers on;
> 
>        # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
>        # Without the "always" parameter add_header is only applied to a fixed set
>        # of success/redirect status codes, so error responses go out without HSTS.
>         add_header Strict-Transport-Security max-age=15768000;
>         # OCSP Stapling ---
>         # fetch OCSP records from URL in ssl_certificate and cache them
>         ssl_stapling on;
>         ssl_stapling_verify on;
> 
>         # verify chain of trust of OCSP response using Root CA and Intermediate certs
>         ssl_trusted_certificate /etc/letsencrypt/live/www.domain.com/chain.pem;
> 
>         # DNS resolver used for the OCSP responder lookups above; answers are cached
>         # for 86400 seconds. resolver_timeout has no unit, so it is read as seconds.
>         resolver 8.8.8.8 8.8.4.4 valid=86400;
>         resolver_timeout 10;
> 
>         location / {
>                # Upgrade is forwarded here, but no Connection header is set; nginx
>                # also needs a "Connection" upgrade header for WebSocket proxying.
>                proxy_set_header Upgrade $http_upgrade;
>                proxy_set_header Host $host;
>                proxy_set_header X-NginX-Proxy true;
>                # Client address and scheme as seen by nginx. Express only uses the
>                # X-Forwarded-* values when its "trust proxy" setting is enabled, and
>                # they are only trustworthy while port 3000 cannot be reached directly
>                # by clients (who could otherwise send these headers themselves).
>                proxy_set_header X-Real-IP $remote_addr;
>                proxy_set_header X-Forwarded-Proto https;
>                proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
> 
>                #additional settings
>                # Both timeouts are in seconds (300 s = 5 minutes).
>                proxy_read_timeout 300;
>                proxy_connect_timeout 300;
> 
>                # Plain-HTTP hop to the backend on the same host.
>                proxy_pass http://localhost:3000;
>                proxy_redirect off;
>                proxy_http_version 1.1;
>        } }

Настройки nodejs

require('@babel/polyfill'); 
const app = require('./app'); 
const debug = require('debug')('learn-express:server'); 
const http = require('http'); 
require('dotenv').config();

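// Start the Express app that nginx proxies to (proxy_pass http://localhost:3000).
//
// The port comes from the `http_port` environment variable, loaded by dotenv above.
// `normalizePort` is not defined in this snippet; it must be provided elsewhere
// in the file.
//
// The server is bound to the loopback interface by default. Without an explicit
// host, Node listens on every interface, which leaves the plain-HTTP backend on
// port 3000 reachable from the network and lets clients bypass nginx's TLS and
// supply their own X-Forwarded-* headers. Set the optional `http_host` variable
// only when nginx runs on a different machine.
//
// NOTE(review): with an IPv4-only bind, pointing proxy_pass at 127.0.0.1:3000
// instead of "localhost" avoids nginx first trying ::1.
const port = normalizePort(process.env.http_port);
const host = process.env.http_host || '127.0.0.1';

app.listen(port, host, () => {
  console.log(`Server is running on port ${port}`);
});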