我已经尝试了很长时间来设置一个反向代理,使用nginx,它可以在端口3000上的ssl上使用nodejs,在端口443上使用ssl上的apache . 我已经尝试了很多东西,我的conf文件可能有很多错误 . 我最近的尝试是/etc/apache2/sites-enabled/000-default.conf:
<VirtualHost *:443>
# The ServerName directive sets the request scheme, hostname and port t$
# the server uses to identify itself. This is used when creating
# redirection URLs. In the context of virtual hosts, the ServerName
# specifies what hostname must appear in the request's Host: header to
# match this virtual host. For the default virtual host (this file) this
# value is not decisive as it is used as a last resort host regardless.
# However, you must set it for any further virtual host explicitly.
#ServerName www.example.com
ServerAdmin admin@test.com
DocumentRoot /var/www/html/public
SSLEngine on
SSLCertificateFile /var/www/certs/test_com.crt
SSLCertificateKeyFile /var/www/certs/test_com.key
# Available loglevels: trace8, ..., trace1, debug, info, notice, warn,
# error, crit, alert, emerg.
# It is also possible to configure the loglevel for particular
# modules, e.g.
#LogLevel info ssl:warn
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
# For most configuration files from conf-available/, which are
# enabled or disabled at a global level, it is possible to
# include a line for only one particular virtual host. For example the
# following line enables the CGI configuration for this host only
# after it has been globally disabled with "a2disconf".
#Include conf-available/serve-cgi-bin.conf
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
我的nginx配置如下所示:
server {
listen 80;
access_log /var/log/nginx/secure.log;
error_log /var/log/nginx/secure.error.log;
server_name test.com;
ssl on;
ssl_certificate /var/www/certs/test_com.crt;
ssl_certificate_key /var/www/certs/test_com.key;
location / {
proxy_pass https://127.0.0.1:3000;
}
location /public {
proxy_pass https://127.0.0.1:443;
root /var/www/html/public; //this is where I keep all the html files
}
}
当我跑 netstat -tulpn
时,我得到:
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN -
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN -
tcp6 0 0 :::22 :::* LISTEN -
tcp6 0 0 :::3000 :::* LISTEN -
udp 0 0 0.0.0.0:68 0.0.0.0:*
这是我第一次设置这样的服务器所以如果有人可以解释反向代理如何与使用来自apache实例的网页的ssl上的nodejs服务器一起工作,我真的很感激 .
我不确定这是如何工作的,但如果我不得不在逻辑上猜测,我希望在端口80上侦听nginx实例,将所有http流量重定向到https流量 . 我希望在端口443上配置apache,这样我就可以浏览到我的css样式表 https://test.com/assets/css/stylesheet.css
,并能够将其用作我的节点服务器中的路径 .
我在搜索中发现了这一点但无法正确实现:https://www.digitalocean.com/community/questions/how-to-setup-ssl-for-nginx-and-apache
我知道我不是很好解释,但我希望有人能够理解我的需要并帮助我 . 谢谢!
1 回答
是的,这听起来令人困惑 . 从nginx直接提供静态资产是很常见的,然后将所有其他请求反向代理到某些后端(3000上的节点) . 我对Apache的需求感到非常困惑 . 如果你真的需要Apache,你可以这样做 .
首先,你说你希望nginx在端口80上侦听,只是将所有http流量重定向到https,像这样配置你的nginx .
这是nginx . 现在对于Apache,你需要mod_proxy,它将监听443并处理TLS终止,然后代理请求到节点监听3000
https://httpd.apache.org/docs/2.4/mod/mod_proxy.html
我不确定你为什么要这样做,如果可以的话,我建议只使用nginx监听80,重定向到443,处理TLS终止,提供静态资产,并将代理转发到你的后端 . 设置起来要简单得多 .
example
未经测试的nginx配置