моя цель ...
- клиент ------> 80 порт.
- 80 ----------> 443 (от nginx, для https)
- 443 ---------> 3000 (по nginx)
- Express-сервер слушает порт 3000.
Когда я попытался открыть сайт по доменному имени, я получил только ошибку: cannot connect site, domain.com deny your access
Настройки nginx — /etc/nginx/sites-available/default
> # Plain-HTTP listener for domain.com / www.domain.com: every request is answered with a 301 to HTTPS.
> # NOTE(review): as shown, `server {` sits on the same line as the `# HTTP` comment, so nginx would
> # read the block opener as comment text; confirm the real file has `server {` on its own line.
> # HTTP server {
> listen 80 default_server;
> listen [::]:80 default_server;
> server_name domain.com www.domain.com;
>
> access_log /var/log/nginx/domain.access.log;
> error_log /var/log/nginx/error.log;
>
> # redirect to https
> # The redirect host is $server_name (the first name on the server_name line), not the Host header
> # sent by the client. NOTE(review): the certificate paths in the HTTPS block live under
> # www.domain.com; confirm that certificate also covers domain.com.
> return 301 https://$server_name$request_uri; }
> # TLS listener on 443: terminates HTTPS with the Let's Encrypt certificate and proxies every
> # request to the application on http://localhost:3000.
> # NOTE(review): as shown, `server {` shares a line with the `# HTTPS` comment; confirm the real
> # file has the block opener on its own line.
> # HTTPS server {
> listen 443 ssl;
> listen [::]:443 ssl;
> # NOTE(review): server_name is commented out, so this block has no name of its own; presumably it
> # is selected only because nothing else listens on 443. Confirm.
> #server_name domain.com www.domain.com;
>
> access_log /var/log/nginx/domain.access.log;
> error_log /var/log/nginx/error.log;
>
> # NOTE(review): `ssl on;` duplicates the `ssl` flag already present on both listen lines. The
> # directive was deprecated in nginx 1.15.0 and removed in 1.25.1, so newer builds reject it.
> ssl on;
>
> # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
> ssl_certificate /etc/letsencrypt/live/www.domain.com/fullchain.pem;
> ssl_certificate_key /etc/letsencrypt/live/www.domain.com/privkey.pem;
>
> ssl_session_timeout 1d;
> ssl_session_cache shared:SSL:50m;
> ssl_session_tickets off;
>
> # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
> ssl_dhparam /etc/letsencrypt/live/www.domain.com/dhparam.pem;
>
> # intermediate configuration. tweak to your needs.
> # NOTE(review): TLSv1 and TLSv1.1 are formally deprecated (RFC 8996); unless legacy clients must
> # be served, offer only TLSv1.2 (plus TLSv1.3 where the nginx/OpenSSL build supports it).
> ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
> # NOTE(review): the cipher list below is cut off (it ends in `$` with no closing quote), most
> # likely an editor's line-truncation marker copied with the paste; the effective list cannot be
> # reviewed from this excerpt.
> ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-R$
> ssl_prefer_server_ciphers on;
>
> # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
> # NOTE(review): without the `always` parameter, add_header skips error responses, so the HSTS
> # header is not sent on e.g. 4xx/5xx pages.
> add_header Strict-Transport-Security max-age=15768000;
> # OCSP Stapling ---
> # fetch OCSP records from URL in ssl_certificate and cache them
> ssl_stapling on;
> ssl_stapling_verify on;
>
> # verify chain of trust of OCSP response using Root CA and Intermediate certs
> ssl_trusted_certificate /etc/letsencrypt/live/www.domain.com/chain.pem;
>
> # Resolver nginx uses for the OCSP responder lookups. NOTE(review): these are public resolvers
> # reached over the network; the nginx documentation recommends a resolver on a trusted local
> # network to limit DNS spoofing.
> resolver 8.8.8.8 8.8.4.4 valid=86400;
> resolver_timeout 10;
>
> location / {
> # NOTE(review): Upgrade is forwarded but no Connection header is set in this block; WebSocket
> # proxying needs both (`proxy_set_header Connection "upgrade";`), so upgrades will not complete
> # as written.
> proxy_set_header Upgrade $http_upgrade;
> proxy_set_header Host $host;
> proxy_set_header X-NginX-Proxy true;
> # Client-address headers for the app. $proxy_add_x_forwarded_for appends to whatever
> # X-Forwarded-For the client sent, so the app should trust only the entry added by this proxy
> # (e.g. Express `trust proxy` limited to loopback).
> proxy_set_header X-Real-IP $remote_addr;
> proxy_set_header X-Forwarded-Proto https;
> proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
>
> #additional settings
> proxy_read_timeout 300;
> proxy_connect_timeout 300;
>
> # The upstream hop is plain HTTP to localhost. Keep port 3000 unreachable from outside (bind the
> # Node process to loopback or firewall the port); otherwise clients can bypass TLS and the
> # headers set above.
> proxy_pass http://localhost:3000;
> proxy_redirect off;
> proxy_http_version 1.1;
> } }
Настройки nodejs
require('@babel/polyfill');
const app = require('./app');
const debug = require('debug')('learn-express:server');
const http = require('http');
require('dotenv').config();
// Port comes from the http_port environment variable (loaded by dotenv on the line above).
// normalizePort is not defined in this excerpt; NOTE(review): confirm what it returns when
// http_port is unset, since that value is passed straight to listen().
const port = normalizePort(process.env.http_port);

// Runs once the server has started accepting connections.
const announceListening = () => {
  console.log(`Server is running on port ${port}`);
};

// No host argument is given, so Node binds the unspecified address (all interfaces).
// With nginx terminating TLS and proxying to localhost:3000, that leaves the plain-HTTP
// port reachable directly unless a firewall blocks it; binding to loopback closes that path.
app.listen(port, announceListening);