lighttpd反向代理
我有两个raspberry pi服务器在运行。这些都是与DietPi建立的。一个服务器用作NextCloud服务器。另一个(新的)服务器正在运行weewx。两者都使用lighttpd作为use服务器。它们都在不同的域my.domain.com和my.otherdomain.com下运行。
我的路由器只有一个IP地址,我使用端口转发来访问两个服务器。NextCloud服务器(my.domain.com)已经使用dietpi-letsencrypt启用了SSL。我不能在my.otherdomain.com上运行certbot,因为我只有一个公共IP地址。
我在我的Nextcloud机器(my.domain.com)上启用了mod-代理,它将请求转发给my.otherdomain.com到weewx机器。我禁用了路由器上的端口转发到weewx机器。然而,dietpi-letsencrypt不能为weewx计算机生成SSL证书--挑战失败。我试着在这两台机器上运行certbot。下面是我的Nextcloud机器(用作我的代理服务器)的尝试:
Do you want to expand and replace this existing certificate with the new
certificate?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
(E)xpand/(C)ancel: E
Renewing an existing certificate for my.domain.com and my.otherdomain.com
Performing the following challenges:
http-01 challenge for aws.andrewterhorst.com
Using the webroot path /var/www for all unmatched domains.
Waiting for verification...
Challenge failed for domain my.otherdomain.com
http-01 challenge for my.otherdomain.com
Cleaning up challenges
Some challenges have failed.
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: my.otherdomain.com
Type: unauthorized
Detail: Invalid response from
http://my.otherdomain.com/.well-known/acme-challenge/p16SmhyufIGQ75fnhWQ4zxf49TCLfnX4SoWRmBqAHBg
[129.151.176.124]: "\n我想我的反向代理设置是错误的。在互联网上搜索答案是很有挑战性的。下面是我在Nextcloud机器上的/etc/lighttpd/ttttpd.conf文件:
server.modules = (
"mod_indexfile",
"mod_setenv",
"mod_access",
"mod_alias",
"mod_redirect",
"mod_proxy",
)
server.document-root = "/var/www"
server.upload-dirs = ( "/var/cache/lighttpd/uploads" )
server.errorlog = "/var/log/lighttpd/error.log"
server.pid-file = "/run/lighttpd.pid"
server.username = "www-data"
server.groupname = "www-data"
server.port = 80
# features
#https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_feature-flagsDetails
server.feature-flags += ("server.h2proto" => "enable")
server.feature-flags += ("server.h2c" => "enable")
server.feature-flags += ("server.graceful-shutdown-timeout" => 5)
#server.feature-flags += ("server.graceful-restart-bg" => "enable")
# strict parsing and normalization of URL for consistency and security
# https://redmine.lighttpd.net/projects/lighttpd/wiki/Server_http-parseoptsDetails
# (might need to explicitly set "url-path-2f-decode" = "disable"
# if a specific application is encoding URLs inside url-path)
server.http-parseopts = (
"header-strict" => "enable",# default
"host-strict" => "enable",# default
"host-normalize" => "enable",# default
"url-normalize-unreserved"=> "enable",# recommended highly
"url-normalize-required" => "enable",# recommended
"url-ctrls-reject" => "enable",# recommended
"url-path-2f-decode" => "enable",# recommended highly (unless breaks app)
#"url-path-2f-reject" => "enable",
"url-path-dotseg-remove" => "enable",# recommended highly (unless breaks app)
#"url-path-dotseg-reject" => "enable",
#"url-query-20-plus" => "enable",# consistency in query string
)
index-file.names = ( "index.php", "index.html" )
url.access-deny = ( "~", ".inc" )
static-file.exclude-extensions = ( ".php", ".pl", ".fcgi" )
# default listening port for IPv6 falls back to the IPv4 port
include_shell "/usr/share/lighttpd/use-ipv6.pl " + server.port
include_shell "/usr/share/lighttpd/create-mime.conf.pl"
include "/etc/lighttpd/conf-enabled/*.conf"
#server.compat-module-load = "disable"
server.modules += (
"mod_dirlisting",
"mod_staticfile",
)
# proxy settings
$HTTP["host"]=~ "my.otherdomain.com" {
proxy.balance = "fair"
proxy.server = ("" =>
(
( "host" => "192.168.0.261", "port" => 80 ),
( "host" => "192.168.0.261", "port" => 443 )
))
}从技术上讲,代理设置应该在10-proxy.conf中。我需要运行这个命令:
lighty-enable-mod proxy这将在/etc/lighttpd/conf中创建一个符号链接,启用到/etc/lighttpd/conf中的10-proxy.conf。我看到我可以简单地在lighttpd.conf中添加代理设置--没有必要使用10-proxy.conf。
当前设置意味着到my.otherdomain.com的传入流量将在第二台weewx机器上结束。然而,certbot需要进行沟通。我对在哪里运行certbot感到困惑--从我的weewx机器还是从我的NextCloud机器?
我不是Linux,我需要一些关于如何设置lighttpd来做正向和反向代理的指导,这样我的weewx机器就可以安全了。大多数与此相关的文章都提到了Apache、nginx或一些特定的web应用程序设置。使用regex类表示法,lighttpd设置的语法相当混乱。例如:
$HTTP['host'] =~ '^(www.example.com)对于像我这样的简单的人来说,没有一步一步的简单英语教程。 {
url.rewrite-once = ('^/(.*)' => '/vhost/http/%0/$1')
# In lighttpd we alter the path manually using rewrite rule. %0
# refers to the hostname and $1 is the path.
proxy.server = ( '' =>
( (
'host' => '127.0.0.1',
'port' => 8080
) )
)
}对于像我这样的简单的人来说,没有一步一步的简单英语教程。
回答 1
Unix & Linux用户
发布于 2021-09-12 07:25:09
我把问题解决了.这包括将第三个Raspberry配置为运行nginx代理管理器( https://nginxproxymanager.com/)的专用代理服务器。我使用了这里描述的设置:https://www.gitmemory.com/issue/MichaIng/DietPi/4417/847424141。
基本上,我遵循的步骤是:
- 建立一个新的Raspberry Pi运行Dietpi
- 从Dietpi软件菜单中安装docker和docker组合
- 创建一个Nginx目录
- 在此目录中创建一个具有以下内容的docker-compose.yml文件夹:
version: "3"
services:
app:
image: 'jc21/nginx-proxy-manager:2'
restart: always
ports:
# Public HTTP Port:
- '80:80'
# Public HTTPS Port:
- '443:443'
# Admin Web Port:
- '81:81'
# Add any other Stream port you want to expose
# - '21:21' # FTP
environment:
# If you would rather use Sqlite uncomment this
# and remove all DB_MYSQL_* lines above
DB_SQLITE_FILE: "/data/database.sqlite"
# Uncomment this if IPv6 is not enabled on your host
# DISABLE_IPV6: 'true'
volumes:
- ./data:/data
- ./letsencrypt:/etc/letsencrypt- 创建一个sqlite数据库:
touch ./data/database.sqlite.- 使用以下命令设置nginx代理管理器:
docker-compose up -d- 重新启动覆盆子,Pi和中提琴-它工作的盒子!
- 然后,我登录到管理界面http://proxyserver_ip:81。这是一个整洁的/现代的界面。然后,我将端口转发添加到运行nextcloud和weewx的两个服务器上。nginx代理管理器通过Letsencrypt获得SSL证书。没有必要将这些安装在每台服务器上。代理转发使用端口80,但在管理界面的SSL选项卡下,可以强制使用https。
- 一旦启用https (502坏网关),我就遇到了nextcloud服务器的一个小问题。我需要将以下行添加到nextcloud config.php文件中:
'overwriteprotocol' => 'https',- 一切都像以前一样甜蜜!
https://unix.stackexchange.com/questions/668569
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号