C# 编辑:NGINX反向代理ASP.NET Core 5.0:localhost:5000关闭连接,但www.google.com正常工作
我正在尝试将我的ASP.NET web应用程序(使用.NET 5.0和ASP.NET MVC)部署到使用NGINX的debian 10服务器上。我遵循了微软的教程,经过无数次测试后,都找不到有效的方法 我当前的NGINX配置:C# 编辑:NGINX反向代理ASP.NET Core 5.0:localhost:5000关闭连接,但www.google.com正常工作,c#,asp.net,asp.net-core,nginx,.net-5,C#,Asp.net,Asp.net Core,Nginx,.net 5,我正在尝试将我的ASP.NET web应用程序(使用.NET 5.0和ASP.NET MVC)部署到使用NGINX的debian 10服务器上。我遵循了微软的教程,经过无数次测试后,都找不到有效的方法 我当前的NGINX配置: server { listen 80 default_server; location / { proxy_pass http://localhost:5000; proxy_http_version
server {
listen 80 default_server;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
使用curl-v localhost:5000
查询localhost会给我HTTP307重定向
查询curl-v——不安全https://localhost:5001
返回我网页的实际内容,因此kestrel运行正常
我的Startup.cs如下所示:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using SmapOneUpdater.Frontend.Model.Sortenumbuchung.Data;
namespace SmapOneUpdater.Frontend
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
services.AddDbContext<SortenumbuchungContext>(options =>
options.UseSqlite(Configuration.GetConnectionString("SortenumbuchungContext")));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseForwardedHeaders();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Overview}/{action=Index}/{id?}");
});
}
}
}
dotnet /path/to/application/dll --urls "http://*:5000;https://*:5001"
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/cert.key;
location / {
proxy_pass https://192.168.4.156:5001;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
至于NGINX,在阅读了roadrunner的回答之后,我更改了配置,将HTTP请求重定向到HTTPS。下面,我还创建了一个自签名ssl证书:
openssl req -x509 -subj /CN=localhost -days 365 -set_serial 2 -newkey rsa:4096 -keyout /etc/nginx/cert.key -nodes -out /etc/nginx/cert.pem
我的工作NGINX配置如下所示:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;
using SmapOneUpdater.Frontend.Model.Sortenumbuchung.Data;
namespace SmapOneUpdater.Frontend
{
public class Startup
{
public Startup(IConfiguration configuration)
{
Configuration = configuration;
}
public IConfiguration Configuration { get; }
// This method gets called by the runtime. Use this method to add services to the container.
public void ConfigureServices(IServiceCollection services)
{
services.AddControllersWithViews();
services.Configure<ForwardedHeadersOptions>(options =>
{
options.ForwardedHeaders =
ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
});
services.AddDbContext<SortenumbuchungContext>(options =>
options.UseSqlite(Configuration.GetConnectionString("SortenumbuchungContext")));
}
// This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
{
app.UseForwardedHeaders();
if (env.IsDevelopment())
{
app.UseDeveloperExceptionPage();
}
else
{
app.UseExceptionHandler("/Home/Error");
// The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
app.UseHsts();
}
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
app.UseAuthorization();
app.UseEndpoints(endpoints =>
{
endpoints.MapControllerRoute(
name: "default",
pattern: "{controller=Overview}/{action=Index}/{id?}");
});
}
}
}
dotnet /path/to/application/dll --urls "http://*:5000;https://*:5001"
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
ssl_certificate /etc/nginx/cert.pem;
ssl_certificate_key /etc/nginx/cert.key;
location / {
proxy_pass https://192.168.4.156:5001;
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
有趣的是,通过这种工作配置,浏览器中我的url栏中的端口不会显示它正在访问端口5001
我是怎么发现的
也许这对一些读者来说会很有趣。通过使用virtualbox创建本地debian实例,我解决了这个问题。我把它配置成我真正的服务器。但是我安装了GNOME,因为我想确定我是否可以用本地浏览器查看页面(回顾一下,我可能已经用curl实现了这一点)
这对我来说似乎很有趣,因为重定向在vm上起作用。在firefox中输入localhost:80将我重定向到localhost:5001,我看到了页面。经过一些测试后,我用虚拟机的IP尝试了一下,发现和其他机器上的问题完全一样。因此,我尝试更改应用程序URL
我认为这很有趣,因为它看起来很明显,但文档中从未提到过。作为一名代理/nginx/webdev新手,我并不完全确定所有这些是如何工作的。特别是因为文档提到将HTTPS重定向到http://localhost:5000我认为nginx配置中需要两个部分,一个用于端口80,重定向到443上的另一个端口 比如:
server {
listen 80;
location / {
return 301 https://$host$request_uri;
}
}
server {
listen 443 ssl;
location / {
http://localhost:5000
proxy_set_header Host $http_host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
此外,您必须处理证书以避免浏览器警告。您使用的是c#HTTP还是HTTPS?看起来使用HTTPS的curl正在工作。服务器正在将您重定向到端口5001,该端口应该可以工作。您的解决方案帮助我确保nginx似乎工作正常。我想我的问题将出现在asp项目中。我已经根据您的回复和有关为.net创建反向代理的nginx文档更新了我的nginx配置,并添加了自签名证书。nginx正确地将http请求重定向到https,chrome警告我存在不受信任的证书。接受站点负载一段时间后,在“无法到达此站点”处停止