带有Letsencrypt的本机Nginx反向代理到Docker容器
我有一个安装了nginx的ubuntu 18.0.4 lts盒,并将其配置为反向代理:带有Letsencrypt的本机Nginx反向代理到Docker容器,docker,nginx,reverse-proxy,lets-encrypt,proxypass,Docker,Nginx,Reverse Proxy,Lets Encrypt,Proxypass,我有一个安装了nginx的ubuntu 18.0.4 lts盒,并将其配置为反向代理: /etc/nginx/sites enabled/default: server { server_name example.com; location / { proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_fo
/etc/nginx/sites enabled/default
:
server {
server_name example.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://0.0.0.0:3000;
}
我有一个网站在docker容器中运行,监听端口3000。使用此配置,如果我浏览到我看到的网站
然后,我使用他们网站上的标准安装程序安装了LetsEncypt,然后运行sudo certbot--nginx
,并按照说明为mydomain.com启用https
现在我的etc/nginx/sites enabled/default
看起来像这样,我无法在和上加载站点:
有什么想法吗?我想出来了。问题不在于我的nginx/letsencrypt配置,而在于提供商级别(azure)的网络问题 我注意到网络安全组只允许端口80上的流量。解决方案是为443添加一条规则
添加此规则后,现在一切正常。目录中有任何日志吗?/var/log/nginx/目录中的access.log和error.log为空(我在安装lets encrypt后清除了它们)。您尝试过
https://example.com
似乎没有从端口80(http)->443(https)@Bernhard yes自动重定向,我已经更新了我的问题。运行certbot后,我无法在http或httpscan上访问该站点。是否从root用户运行nginx-t
?
server {
server_name example.com;
location / {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://0.0.0.0:3000;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot