C# 编辑：NGINX反向代理ASP.NET Core 5.0:localhost:5000关闭连接，但www.google.com正常工作

我正在尝试将我的ASP.NET web应用程序（使用.NET 5.0和ASP.NET MVC）部署到使用NGINX的debian 10服务器上。我遵循了微软的教程，经过无数次测试后，都找不到有效的方法

我当前的NGINX配置：

server {
    listen  80 default_server;

    location / {
        proxy_pass          http://localhost:5000;
        proxy_http_version  1.1;
        proxy_set_header    Upgrade $http_upgrade;
        proxy_set_header    Connection keep-alive;
        proxy_set_header    Host $host;
        proxy_cache_bypass  $http_upgrade;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto $scheme;
    }
}

使用

curl-v localhost:5000

查询localhost会给我HTTP307重定向

查询

curl-v——不安全https://localhost:5001

返回我网页的实际内容，因此kestrel运行正常

我的Startup.cs如下所示：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

using SmapOneUpdater.Frontend.Model.Sortenumbuchung.Data;

namespace SmapOneUpdater.Frontend
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            });
            services.AddDbContext<SortenumbuchungContext>(options =>
                    options.UseSqlite(Configuration.GetConnectionString("SortenumbuchungContext")));
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            app.UseForwardedHeaders();
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            app.UseHttpsRedirection();
            app.UseStaticFiles();

            app.UseRouting();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Overview}/{action=Index}/{id?}");
            });
        }
    }
}

dotnet /path/to/application/dll --urls "http://*:5000;https://*:5001"

server {
    listen 80;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;

    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/cert.key;

    location / {
        proxy_pass          https://192.168.4.156:5001;
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Real-IP               $remote_addr;
        proxy_set_header    X-Forwarded-For         $proxy_add_x_forwarded_for;
    }
}

至于NGINX，在阅读了roadrunner的回答之后，我更改了配置，将HTTP请求重定向到HTTPS。下面，我还创建了一个自签名ssl证书：

openssl req -x509 -subj /CN=localhost -days 365 -set_serial 2 -newkey rsa:4096 -keyout /etc/nginx/cert.key -nodes -out /etc/nginx/cert.pem

我的工作NGINX配置如下所示：

using System;
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Builder;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.HttpOverrides;
using Microsoft.AspNetCore.HttpsPolicy;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Microsoft.Extensions.DependencyInjection;
using Microsoft.Extensions.Hosting;

using SmapOneUpdater.Frontend.Model.Sortenumbuchung.Data;

namespace SmapOneUpdater.Frontend
{
    public class Startup
    {
        public Startup(IConfiguration configuration)
        {
            Configuration = configuration;
        }

        public IConfiguration Configuration { get; }

        // This method gets called by the runtime. Use this method to add services to the container.
        public void ConfigureServices(IServiceCollection services)
        {
            services.AddControllersWithViews();
            services.Configure<ForwardedHeadersOptions>(options =>
            {
                options.ForwardedHeaders =
                    ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;
            });
            services.AddDbContext<SortenumbuchungContext>(options =>
                    options.UseSqlite(Configuration.GetConnectionString("SortenumbuchungContext")));
        }

        // This method gets called by the runtime. Use this method to configure the HTTP request pipeline.
        public void Configure(IApplicationBuilder app, IWebHostEnvironment env)
        {
            app.UseForwardedHeaders();
            if (env.IsDevelopment())
            {
                app.UseDeveloperExceptionPage();
            }
            else
            {
                app.UseExceptionHandler("/Home/Error");
                // The default HSTS value is 30 days. You may want to change this for production scenarios, see https://aka.ms/aspnetcore-hsts.
                app.UseHsts();
            }
            app.UseHttpsRedirection();
            app.UseStaticFiles();

            app.UseRouting();

            app.UseAuthorization();

            app.UseEndpoints(endpoints =>
            {
                endpoints.MapControllerRoute(
                    name: "default",
                    pattern: "{controller=Overview}/{action=Index}/{id?}");
            });
        }
    }
}

dotnet /path/to/application/dll --urls "http://*:5000;https://*:5001"

server {
    listen 80;

    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;

    ssl_certificate /etc/nginx/cert.pem;
    ssl_certificate_key /etc/nginx/cert.key;

    location / {
        proxy_pass          https://192.168.4.156:5001;
        proxy_set_header    Host $http_host;
        proxy_set_header    X-Real-IP               $remote_addr;
        proxy_set_header    X-Forwarded-For         $proxy_add_x_forwarded_for;
    }
}

有趣的是，通过这种工作配置，浏览器中我的url栏中的端口不会显示它正在访问端口5001

我是怎么发现的

也许这对一些读者来说会很有趣。通过使用virtualbox创建本地debian实例，我解决了这个问题。我把它配置成我真正的服务器。但是我安装了GNOME，因为我想确定我是否可以用本地浏览器查看页面（回顾一下，我可能已经用curl实现了这一点）

这对我来说似乎很有趣，因为重定向在vm上起作用。在firefox中输入localhost:80将我重定向到localhost:5001，我看到了页面。经过一些测试后，我用虚拟机的IP尝试了一下，发现和其他机器上的问题完全一样。因此，我尝试更改应用程序URL

---

我认为这很有趣，因为它看起来很明显，但文档中从未提到过。作为一名代理/nginx/webdev新手，我并不完全确定所有这些是如何工作的。特别是因为文档提到将HTTPS重定向到http://localhost:5000

我认为nginx配置中需要两个部分，一个用于端口80，重定向到443上的另一个端口

比如：

server {
    listen 80;
   
    location / {
        return 301 https://$host$request_uri;
    }
}

server {
    listen 443 ssl;
    
    location / {
        http://localhost:5000
        proxy_set_header    Host                $http_host;
        proxy_set_header    X-Real-IP           $remote_addr;
        proxy_set_header    X-Forwarded-For     $proxy_add_x_forwarded_for;
    }
}

---

此外，您必须处理证书以避免浏览器警告。

您使用的是c#HTTP还是HTTPS？看起来使用HTTPS的curl正在工作。服务器正在将您重定向到端口5001，该端口应该可以工作。您的解决方案帮助我确保nginx似乎工作正常。我想我的问题将出现在asp项目中。我已经根据您的回复和有关为.net创建反向代理的nginx文档更新了我的nginx配置，并添加了自签名证书。nginx正确地将http请求重定向到https，chrome警告我存在不受信任的证书。接受站点负载一段时间后，在“无法到达此站点”处停止