Nginx http工作正常,但https失败。所以,我构建了一个nodejs https服务器。它可以工作,这意味着操作系统(CentOS 6.8(是正常的。
Nginx有什么问题?
恩金克斯 -V
nginx version: nginx/1.14.0
built by gcc 4.4.7 20120313 (Red Hat 4.4.7-17) (GCC)
built with OpenSSL 1.0.1e-fips 11 Feb 2013
TLS SNI support enabled
configure arguments: --prefix=/usr/share/nginx --sbin-path=/usr/sbin/nginx --modules-path=/usr/lib64/nginx/modules --conf-path=/etc/nginx/nginx.conf --error-log-path=/var/log/nginx/error.log --http-log-path=/var/log/nginx/access.log --http-client-body-temp-path=/var/lib/nginx/tmp/client_body --http-proxy-temp-path=/var/lib/nginx/tmp/proxy --http-fastcgi-temp-path=/var/lib/nginx/tmp/fastcgi --http-uwsgi-temp-path=/var/lib/nginx/tmp/uwsgi --http-scgi-temp-path=/var/lib/nginx/tmp/scgi --pid-path=/var/run/nginx.pid --lock-path=/var/lock/subsys/nginx --user=nginx --group=nginx --with-file-aio --with-ipv6 --with-http_ssl_module --with-http_v2_module --with-http_realip_module --with-http_addition_module --with-http_xslt_module=dynamic --with-http_geoip_module=dynamic --with-http_sub_module --with-http_dav_module --with-http_flv_module --with-http_mp4_module --with-http_gunzip_module --with-http_gzip_static_module --with-http_random_index_module --with-http_secure_link_module --with-http_degradation_module --with-http_slice_module --with-http_stub_status_module --with-http_perl_module=dynamic --with-mail=dynamic --with-mail_ssl_module --with-pcre --with-pcre-jit --with-stream=dynamic --with-stream_ssl_module --with-debug --with-cc-opt='-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=generic' --with-ld-opt=' -Wl,-E'
nginx.conf
user www;
worker_processes 1;
events {
worker_connections 1024;
}
http {
include mime.types;
default_type application/octet-stream;
log_format main '$request_time $remote_addr $remote_user [$time_local] $http_host "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
sendfile on;
keepalive_timeout 65;
gzip on;
include /etc/nginx/conf.d/*.conf;
}
网站.com.conf
server {
listen 80;
listen 443 ssl http2;
server_name website.com;
ssl on;
index index.html index.htm;
ssl_certificate certs/website.com/214523442680009.pem;
ssl_certificate_key certs/website.com/214523442680009.key;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
root "/var/www/website/";
access_log /var/log/nginx/website.com-access.log main;
error_log /var/log/nginx/website.com-error.log error;
}
奇怪的是没有任何日志,既没有访问也没有错误日志。似乎该请求甚至在到达Nginx之前就已被阻止。但这没有意义,因为nodejs服务器工作正常。
远程登录
vagrant@homestead:/htdocs$ telnet website.com 443
Trying xx.xx.xxx.x...
Connected to website.com.
Escape character is '^]'.
Connection closed by foreign host.
网络统计
[root@iZ23foxgunwZ ~]# netstat -nap | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 9932/nginx
节点js 脚本
var https = require('https');
const fs = require('fs');
https.createServer({
host: 'deyuapi.com',
key: fs.readFileSync('/etc/nginx/certs/website.com/214523442680009.key'),
cert: fs.readFileSync('/etc/nginx/certs/website.com/214523442680009.pem')
}, function (request, response) {
response.writeHead(200, {'Content-Type': 'text/plain'});
response.end('Hello Worldn');
}).listen(443);
这不是我第一次用Nginx设置ssl。但是这种情况让我很困惑。
任何建议将不胜感激。提前谢谢。
你必须定义一个位置,这使得nginx可以作为反向代理工作
location / {
proxy_pass http://your_server_ip:your_port;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}