Node.js 带有nodejs和apacheoverssl的nginx反向代理

很长一段时间以来，我一直在尝试使用nginx设置一个反向代理，该代理在端口3000上通过ssl与nodejs一起工作，在端口443上通过ssl与apache一起工作。我尝试了很多东西，我的conf文件可能有很多错误。我最近的一次尝试启用了/etc/apache2/sites/000-default.conf：

<VirtualHost *:443>
        # The ServerName directive sets the request scheme, hostname and port t$
        # the server uses to identify itself. This is used when creating
        # redirection URLs. In the context of virtual hosts, the ServerName
        # specifies what hostname must appear in the request's Host: header to
        # match this virtual host. For the default virtual host (this file) this
        # value is not decisive as it is used as a last resort host regardless.
        # However, you must set it for any further virtual host explicitly.
        #ServerName www.example.com

        ServerAdmin admin@test.com
        DocumentRoot /var/www/html/public
        SSLEngine on
        SSLCertificateFile /var/www/certs/test_com.crt
        SSLCertificateKeyFile /var/www/certs/test_com.key

        # Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
        # error, crit, alert, emerg.
        # It is also possible to configure the loglevel for particular
        # modules, e.g.
        #LogLevel info ssl:warn

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined

        # For most configuration files from conf-available/, which are
        # enabled or disabled at a global level, it is possible to
        # include a line for only one particular virtual host. For example the
        # following line enables the CGI configuration for this host only
        # after it has been globally disabled with "a2disconf".
        #Include conf-available/serve-cgi-bin.conf
</VirtualHost>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

当我运行netstat-tulpn时，我得到：

Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      -               
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      -               
tcp6       0      0 :::22                   :::*                    LISTEN      -               
tcp6       0      0 :::3000                 :::*                    LISTEN      -               
udp        0      0 0.0.0.0:68              0.0.0.0:* 

这是我第一次设置这样的服务器，如果有人能解释反向代理如何与通过ssl使用apache实例网页的nodejs服务器协同工作，我将不胜感激

我不确定这是如何工作的，但如果我不得不从逻辑上猜测，我希望有一个nginx实例监听端口80，将所有http流量重定向到https流量。我希望在端口443上配置apache，以便能够浏览到我的css样式表

https://test.com/assets/css/stylesheet.css

并能够将其用作节点服务器中的路径

我在搜索中发现了这一点，但无法正确实施：

---

我知道我解释得不是很好，但我希望有人能理解我需要什么并帮助我。谢谢

是的，这听起来令人困惑。非常常见的情况是，直接从nginx提供静态资产，然后将所有其他请求反向代理到某个后端（3000上的节点）。 我对Apache的需求感到非常困惑。 如果你真的需要Apache，这就是你可以做到的

首先，您说您希望nginx在端口80上侦听，并将所有http流量重定向到https，请按如下方式配置您的nginx

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}

nginx就是这样。 现在对于Apache，您需要mod_代理，它将侦听443并处理TLS终止，然后代理请求到侦听3000的节点

<VirtualHost *:*>
  # your config here...

  ProxyPreserveHost On 
  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/ 
</VirtualHost> 

---

谢谢你的回复！我完全同意只使用nginx和node。一位朋友告诉我，Apache是服务静态资产的首选方法。如果这是不正确的，我想使用首选的方法。您是否有可能给出一个快速示例，说明如何设置nginx在端口80上侦听，重定向到443，并让所有我的html文件都由nginx本身提供？我读了一堆DigitalOcean指南，但其中涉及SSL的指南非常混乱，而我能够理解发生了什么的指南并没有使用SSL。再次感谢！非常感谢！工作得很好！

<VirtualHost *:*>
  # your config here...

  ProxyPreserveHost On 
  ProxyPass / http://localhost:3000/
  ProxyPassReverse / http://localhost:3000/ 
</VirtualHost> 

# replace 'domain.com' with your domain name
# http server, redirects to https
server {
  listen 80;
  listen [::]:80;
  server_name example.com;
  return 301 https://example.com$request_uri;
}

# https server
server {
  listen 443 ssl;
  listen [::]:443 ssl;
  server_name example.com;

  ssl on;

  # replace this with your cert+key path
  ssl_certificate /etc/ssl/private/YOUR_CERT.crt;
  ssl_certificate_key /etc/ssl/private/YOUR_SERVER_KEY.key;

  ssl_session_timeout 1d;
  ssl_session_cache shared:SSL:20m;
  ssl_session_tickets off;

  ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
  ssl_prefer_server_ciphers on;

  ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';

  ssl_stapling on;
  ssl_stapling_verify on;

  # replace 'node-app' with your app name
  access_log /var/log/nginx/node-app.access.log;
  error_log /var/log/nginx/node-app.error.log;

  location / {
    # the path to your static assets
    root /var/www/your-app/public;

    try_files $uri $uri/ @nodebackend;
  }

  # all requests to locations not found in static path
  # will be forwarded to the node server
  location @nodebackend {
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-Proto $scheme;

    proxy_pass http://localhost:3000;
    proxy_redirect off;
  }
}