Node.js 带有nodejs和apacheoverssl的nginx反向代理
很长一段时间以来,我一直在尝试使用nginx设置一个反向代理,该代理在端口3000上通过ssl与nodejs一起工作,在端口443上通过ssl与apache一起工作。我尝试了很多东西,我的conf文件可能有很多错误。我最近的一次尝试启用了/etc/apache2/sites/000-default.conf:Node.js 带有nodejs和apacheoverssl的nginx反向代理,node.js,apache,ssl,nginx,proxy,Node.js,Apache,Ssl,Nginx,Proxy,很长一段时间以来,我一直在尝试使用nginx设置一个反向代理,该代理在端口3000上通过ssl与nodejs一起工作,在端口443上通过ssl与apache一起工作。我尝试了很多东西,我的conf文件可能有很多错误。我最近的一次尝试启用了/etc/apache2/sites/000-default.conf: <VirtualHost *:443> # The ServerName directive sets the request scheme, hostname
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port t$
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin admin@test.com
DocumentRoot /var/www/html/public
SSLEngine on
SSLCertificateFile /var/www/certs/test_com.crt
SSLCertificateKeyFile /var/www/certs/test_com.key
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
当我运行netstat-tulpn时,我得到:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::3000 :::* LISTEN -
udp 0 0 0.0.0.0:68 0.0.0.0:*
这是我第一次设置这样的服务器,如果有人能解释反向代理如何与通过ssl使用apache实例网页的nodejs服务器协同工作,我将不胜感激
我不确定这是如何工作的,但如果我不得不从逻辑上猜测,我希望有一个nginx实例监听端口80,将所有http流量重定向到https流量。我希望在端口443上配置apache,以便能够浏览到我的css样式表https://test.com/assets/css/stylesheet.css
并能够将其用作节点服务器中的路径
我在搜索中发现了这一点,但无法正确实施:
我知道我解释得不是很好,但我希望有人能理解我需要什么并帮助我。谢谢 是的,这听起来令人困惑。非常常见的情况是,直接从nginx提供静态资产,然后将所有其他请求反向代理到某个后端(3000上的节点)。 我对Apache的需求感到非常困惑。 如果你真的需要Apache,这就是你可以做到的 首先,您说您希望nginx在端口80上侦听,并将所有http流量重定向到https,请按如下方式配置您的nginx
server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
nginx就是这样。
现在对于Apache,您需要mod_代理,它将侦听443并处理TLS终止,然后代理请求到侦听3000的节点
<VirtualHost *:*>
# your config here...
ProxyPreserveHost On
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
谢谢你的回复!我完全同意只使用nginx和node。一位朋友告诉我,Apache是服务静态资产的首选方法。如果这是不正确的,我想使用首选的方法。您是否有可能给出一个快速示例,说明如何设置nginx在端口80上侦听,重定向到443,并让所有我的html文件都由nginx本身提供?我读了一堆DigitalOcean指南,但其中涉及SSL的指南非常混乱,而我能够理解发生了什么的指南并没有使用SSL。再次感谢!非常感谢!工作得很好!
<VirtualHost *:*>
# your config here...
ProxyPreserveHost On
ProxyPass / http://localhost:3000/
ProxyPassReverse / http://localhost:3000/
</VirtualHost>
# replace 'domain.com' with your domain name
# http server, redirects to https
server {
listen 80;
listen [::]:80;
server_name example.com;
return 301 https://example.com$request_uri;
}
# https server
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name example.com;
ssl on;
# replace this with your cert+key path
ssl_certificate /etc/ssl/private/YOUR_CERT.crt;
ssl_certificate_key /etc/ssl/private/YOUR_SERVER_KEY.key;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:20m;
ssl_session_tickets off;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!3DES:!MD5:!PSK';
ssl_stapling on;
ssl_stapling_verify on;
# replace 'node-app' with your app name
access_log /var/log/nginx/node-app.access.log;
error_log /var/log/nginx/node-app.error.log;
location / {
# the path to your static assets
root /var/www/your-app/public;
try_files $uri $uri/ @nodebackend;
}
# all requests to locations not found in static path
# will be forwarded to the node server
location @nodebackend {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_pass http://localhost:3000;
proxy_redirect off;
}
}