1. 首頁
  2. 問答
  3. 節點js + Nginx +亞馬遜Linux + SSL

節點js + Nginx +亞馬遜Linux + SSL

2016-02-19 125 views
1

我有一個節點js應用程序在AWS linux服務器上運行ssl。我想實現nginx一樣。我google了一下,看到如果我在nginx中實現ssl,那麼節點應用程序就運行在http上。所以我配置nginx的的c​​onf如下就跑節點JS常規的HTTP服務器應用程序:節點js + Nginx +亞馬遜Linux + SSL

listen    443 ssl; 
server_name   myserver.com; 
ssl_certificate  myserver.chained.crt; 
ssl_certificate_key myserver.key; 
ssl_client_certificate myserver.crt; 
ssl_verify_client optional; 
location/{ 
    proxy_set_header X-Real-IP $remote_addr; 
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 
    proxy_set_header VERIFIED $ssl_client_verify; 
    proxy_set_header DN $ssl_client_s_dn; 
    proxy_pass http://127.0.0.1:3000; 
}

現在,應用程序上運行的HTTP和HTTPS作爲。我想要實現nginx,並通過ssl和應用程序僅在https上運行。 我的方法是否正確,我錯過了什麼?

來源

2016-02-19 Sagar Gopale

回答

1

我看到您的應用程序在端口3000上運行,您將要執行的操作僅在https上運行,即將端口3000上的所有請求都阻止到服務器(使用防火牆或security group rules in aws)請求在端口80上,您將希望將它們重定向到https版本(端口443)。類似這樣的:

server { 
    listen   80; 
    server_name my.domain.com; 
    return   301 https://$server_name$request_uri; 
}

I found the above rule in this answer on serverfault

來源

2016-02-19 19:33:57

0 
upstream app 
{ 
    server 127.0.0.1:3000; 
} 
server 
{ 

    listen 80; 
    listen 443 ssl; 

    server_name www.example.com; 
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; 
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem; 


    client_header_buffer_size 64k; 
    large_client_header_buffers 4 64k; 


    if ($scheme = http) { 

     return 301 https://$server_name$request_uri; 
    } 


    location ~ ^/(assets/|images/|img/|javascript/|js/|css/|stylesheets/|flash/|media/|static/|robots.txt|humans.txt|favicon.ico) { 

     root /var/www/example.com/public/; 

     access_log off; 

     expires 24h; 

    } 


    location/{ 


     proxy_set_header X-Real-IP $remote_addr; 

     proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 

     proxy_set_header Host $http_host; 

     proxy_set_header X-NginX-Proxy true; 


     proxy_pass http://app$uri$is_args$args; 

     proxy_redirect off; 


     proxy_http_version 1.1; 

     proxy_set_header Upgrade $http_upgrade; 

     proxy_set_header Connection "upgrade"; 


    } 

}

來源

2017-02-17 08:22:28

相關問題

 相關問題