文档建议反馈控制台
首页
学习
活动
专区
圈层
工具
MCP广场
文章/答案/技术大牛
发布
社区首页 >问答首页 >letsencrypt nginx反向代理

letsencrypt nginx反向代理
EN

Stack Overflow用户
提问于 2018-05-05 16:13:43
回答 1查看 258关注 0票数 0

我正在使用nginx linux vps,并且我已经在我的服务器上安装了centos6。我已经安装了letsencrypt证书。但问题是,当我访问我的网站www.mywebsite.com时,它显示安全,但当我访问www.mywebsite.com/otherpages时,它显示不安全和letsencrypt证书无效。

/etc/nginx/conf.d/default.conf的配置

代码语言:javascript
复制
server {
listen      80  default_server;
#  listen       [::]:80 default_server;
server_name  _;
root         /usr/share/nginx/html;

# Load configuration files for the default server block.
include /etc/nginx/default.d/*.conf;

location / {
}

error_page 404 /404.html;
    location = /40x.html {
}

error_page 500 502 503 504 /50x.html;
    location = /50x.html {
}

/etc/nginx/sites available/quiznou.com.conf的配置

代码语言:javascript
复制
   server {
    listen     80    ;
    server_name quiznou.com www.quiznou.com;
    return 301 https://$server_name$request_uri;
  }
   server{
  listen 443 ssl http2;
   server_name quiznou.com www.quiznou.com;
  ssl on;
 ssl_certificate /etc/letsencrypt/live/quiznou.com/fullchain.pem;
 ssl_certificate_key /etc/letsencrypt/live/quiznou.com/privkey.pem;
 ssl_session_timeout 5m;
 ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
 ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
 ssl_prefer_server_ciphers on;
 ssl_session_cache shared:SSL:10m;

 location / {
 proxy_pass http://localhost:8080;
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection 'upgrade';
    proxy_set_header Host $host;
      proxy_cache_bypass $http_upgrade;
 }
 location ~ /.well-known {
            allow all;
    }
  location /.well-known/acme-challenge/ {
            root       /var/www/quiznou.com;
    }

  }
nginx
lets-encrypt
EN

回答 1

Stack Overflow用户

发布于 2018-08-08 22:50:20

这是我自己的NGINX配置文件作为一个revers_proxy:但是我使用配置来代理一些docker。我直接修改了/etc/nginx/default.conf,为了代理一个apache web page,我在nginx中创建了一个VHost。

如果它能帮到你的话。

代码语言:javascript
复制
server {
listen       80;
listen  443 ssl;
server_name  some.name.com;
server_tokens off;

## Certificates
ssl_certificate /etc/letsencrypt/live/some.name.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/some.name.com/privkey.pem;
ssl_trusted_certificate /etc/letsencrypt/live/some.name.com/chain.pem;
if ($scheme = http){

return 301 https://$server_name$request_uri;
}
location / {
proxy_pass http://IP_du_serveur:port;
}

## Protocol
ssl_protocols TLSv1.2;

## Diffie-Hellman
ssl_ecdh_curve secp384r1;

## Ciphers
ssl_ciphers EECDH+CHACHA20:EECDH+AESGCM:EECDH+AES;
ssl_prefer_server_ciphers on;

# OCSP Stapling
ssl_stapling on;
ssl_stapling_verify on;

## TLS parameters
ssl_session_cache shared:SSL:10m;
ssl_session_timeout 5m;
ssl_session_tickets off;

## HSTS
add_header Strict-Transport-Security "max-age=15552000; includeSubdomains;   preload";
}
票数 0
EN
页面原文内容由Stack Overflow提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:

https://stackoverflow.com/questions/50187253

复制
相关文章

相似问题

领券

腾讯云开发者

扫码关注腾讯云开发者

扫码关注腾讯云开发者

领取腾讯云代金券

热门产品

热门推荐

更多推荐

Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有 

深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 粤公网安备44030502008569号

腾讯云计算(北京)有限责任公司 京ICP证150476号 |  京ICP备11018762号

问题归档专栏文章快讯文章归档关键词归档开发者手册归档开发者手册 Section 归档