我已经设置了一个lightsail Ubuntu 18.04实例,通过lightsail控制台打开了443端口,并连接了一个静态IP,该IP正确映射到www.budgetweapon.com。但是,我无法进行外部连接。我错过了什么?
我已经通过lightsail控制台检查了端口443是否打开,并使用开放端口检查器检查了它是否在外部打开,该检查器显示它是打开的,但我仍然无法连接(连接超时(。我还确认,当我真正在服务器上时,我能够卷曲https端点,并且我得到了预期的html,所以nginx肯定可以工作。我还尝试过在端口80上通过Python运行SimpleHttpServer,并且使用http://www.budgetweapon.com.这里分别是nginx-conf和docker-compose.yml文件。
server {
listen 80;
listen [::]:80;
server_name budgetweapon.com www.budgetweapon.com;
location ~ /.well-known/acme-challenge {
allow all;
root /var/www/html;
}
location / {
rewrite ^ https://$host$request_uri? permanent;
}
}
server
{
listen 443 ssl http2;
listen [::]:443 ssl http2;
server_name budgetweapon.com www.budgetweapon.com;
server_tokens off;
ssl_certificate /etc/letsencrypt/live/budgetweapon.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/budgetweapon.com/privkey.pem;
ssl_buffer_size 8k;
ssl_dhparam /etc/ssl/certs/dhparam-2048.pem;
ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDH+AESGCM:ECDH+AES256:ECDH+AES128:DH+3DES:!ADH:!AECDH:!MD5;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8;
location / {
try_files $uri @nodejs;
}
location @nodejs {
proxy_pass http://nodejs:8080;
add_header X-Frame-Options "SAMEORIGIN" always;
add_header X-XSS-Protection "1; mode=block" always;
add_header X-Content-Type-Options "nosniff" always;
add_header Referrer-Policy "no-referrer-when-downgrade" always;
add_header Content-Security-Policy "default-src * data: 'unsafe-eval' 'unsafe-inline'" always;
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
# enable strict transport security only if you understand the implications
}
root /var/www/html;
index index.html index.htm index.nginx-debian.html;
}
version: '3'
services:
nodejs:
build:
context: .
dockerfile: Dockerfile
image: nodejs
container_name: nodejs
restart: unless-stopped
networks:
- app-network
webserver:
image: nginx:mainline-alpine
container_name: webserver
restart: unless-stopped
ports:
- "80:80"
- "443:443"
volumes:
- web-root:/var/www/html
- ./nginx-conf:/etc/nginx/conf.d
- certbot-etc:/etc/letsencrypt
- certbot-var:/var/lib/letsencrypt
- dhparam:/etc/ssl/certs
depends_on:
- nodejs
networks:
- app-network
volumes:
certbot-etc:
certbot-var:
web-root:
driver: local
driver_opts:
type: none
device: /home/ubuntu/node_project/views/
o: bind
dhparam:
driver: local
driver_opts:
type: none
device: /home/ubuntu/node_project/dhparam/
o: bind
networks:
app-network:
driver: bridge
你知道我做错了什么吗?我完全被难住了,我发誓今天早些时候工作正常
事实证明,一切都很正常,因为当我在手机上切换到safari的私人模式时,我可以浏览到网站,也可以从工作机器上浏览(尽管我们的代理似乎会拦截连接,并用它自己的证书"包裹"我机器上的证书,使其看起来安全(。这似乎是我的家用电脑的一个问题,它阻止了与该网站的https连接,因为它认为证书不可靠-这是Let's Encrypt的临时证书,所以这可能就是Chrome决定违背我的意愿为我阻止它的原因