Nginx和Certbot赢得';t转发至443,仅aspnet core和kestrel上的端口5001
我正在尝试使用以下设置部署一个aspnet core 2.2站点,但在输入urlNginx和Certbot赢得';t转发至443,仅aspnet core和kestrel上的端口5001,nginx,asp.net-core,certbot,Nginx,Asp.net Core,Certbot,我正在尝试使用以下设置部署一个aspnet core 2.2站点,但在输入urlsomesite.co.uk时,它会转发到端口5001,而不是443。谁能看出我做错了什么 在浏览器中输入somesite.co.uk时,它会重定向到https://somesite.co.uk:5001 C#-程序 Linux-/etc/systemd/system/kestrel-somesite.service [Service] WorkingDirectory=/usr/share/nginx/html E
somesite.co.uk
时,它会转发到端口5001,而不是443。谁能看出我做错了什么
在浏览器中输入somesite.co.uk
时,它会重定向到https://somesite.co.uk:5001
C#-程序
Linux-/etc/systemd/system/kestrel-somesite.service
[Service]
WorkingDirectory=/usr/share/nginx/html
ExecStart=/usr/bin/dotnet /usr/share/nginx/html/somesite.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-coretest
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=ASPNETCORE_HTTPS_PORT=5001
Environment=ASPNETCORE_URLS=http://*:5000;https://*:5001
[Install]
WantedBy=multi-user.target
Linux-/etc/nginx/sites available/first.conf
server {
server_name somesite.co.uk;
root /usr/share/nginx/html;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/somesite.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/somesite.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = somesite.co.uk) {
return 301 https://$server_name$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name somesite.co.uk;
return 404; # managed by Certbot
}
但你们记得在启动时使用app.UseForwaredHeaders吗
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
通常,您不必在服务文件(最后两行环境)中指定端口。
我建议您查看位于的文档,除了microsoft站点中的外,这些文档也很有用。我认为您不需要在appsettings.json中指定kestrel设置,也不需要在服务文件中指定最后两行环境。尝试先删除这些,然后重新加载nginx并重新启动服务。另外,如果您使用certbot和nginx,您可以删除对startup.cs中app.UseHttpRedirection()的调用,因为如果您还没有这样做,则不需要调用它(有些人还特别在startup中路由到https端口,因此也不需要这样做)。但你们记得在启动时使用app.UseForwaredHeaders吗?@JohanHerstad,谢谢。app.UseForwaredHeaders已修复此问题。我使用了
app.UseForwardedHeaders(新的ForwardedHeadersOptions{ForwardedHeaders=ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto})代码>。如果你加上这个作为回答,我会接受的。谢谢。我试图通过nginx在digitalocean中部署dotnet新的mvc模板,这正是我所缺少的。mvc模板缺少此配置行
server {
server_name somesite.co.uk;
root /usr/share/nginx/html;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/somesite.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/somesite.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = somesite.co.uk) {
return 301 https://$server_name$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name somesite.co.uk;
return 404; # managed by Certbot
}
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});