http - 来自让我们使用后端 api 和前端 SPA 的 nginx 代理加密的 SSL 证书

问题描述

我正在尝试为我新创建的网站设置 SSL 证书。

• 我从 Domains.com 购买了域名
  • 我没有打开 LetsEncrypt Free SSL 或 Enforce SSL。我是不是该？
  • 我将域设置为秘密重定向到 IPv4 地址
• 我在我的 nginx 代理后面设置的服务器上设置了我的后端（ASP.NET Core）
  • 当我尝试指南中的第 7 步时，它并不总是运行，应该是吗？
  • 我还没有为 SSL 配置这个
• 我在服务器上有我的前端 SPA (Vue.js) 静态文件供 nginx 服务
• 我已经安装并配置了 nginx
• 我已经从这里的指南安装了 certbot （这在第 7 步失败）
• 我在 AWS Lightsail 环境中运行 Ubuntu 20.04
  • 我为 TCP 流量打开了端口 80 和 443
• 我用 ufw 设置了防火墙规则

目前我的问题是，当我运行 certbot 时，它在上述指南的第 7 步失败。现在，当我访问我的网站时，它会自动从 http 重定向到 https 并继续无法加载页面。我尝试将其更改为listen 80，listen 443但这似乎不起作用。我也尝试按照此处的建议放置一个测试文件，/home/ubuntu/client/dist/.well-known/acme-challenge/test但由于某种原因，它不允许我将它卷曲到 http。curl -ikL http://yabberon.com/.well-known/acme-challenge/test. 我还可能缓存了一些奇怪的 DNS 内容？

Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator nginx, Installer nginx

Which names would you like to activate HTTPS for?
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
1: yabberon.com
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel): 1
Obtaining a new certificate
Performing the following challenges:
http-01 challenge for yabberon.com
Waiting for verification...
Challenge failed for domain yabberon.com
http-01 challenge for yabberon.com
Cleaning up challenges
Some challenges have failed.

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: yabberon.com
   Type:   unauthorized
   Detail: Invalid response from
   http://yabberon.com/.well-known/acme-challenge/oUvNS8hFjexeb2bqhUyeQ5jrEQZFetheOjgjhkryAnA
   [66.96.162.142]: "<!DOCTYPE HTML>\r\n<html>\r\n\r\n    <head>\r\n
   <title>404 Error - Page Not Found</title>\r\n        <style>\r\n
   #ad_frame"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A/AAAA record(s) for that domain
   contain(s) the right IP address.

nginx 配置位于/etc/nginx/sites-available/default（我为 nginx 手动触摸的唯一文件）

server {
    listen        80;

    server_name   yabberon.com *.yabberon.com;

    location / {
        root    /home/ubuntu/client/dist;
        index   index.html;
        try_files $uri $uri/ /index.html;
    }

    location /api/ {
        proxy_pass         http://localhost:5000;
        proxy_http_version 1.1;
        proxy_set_header   Upgrade $http_upgrade;
        proxy_set_header   Connection keep-alive;
        proxy_set_header   Host $host;
        proxy_cache_bypass $http_upgrade;
        proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}

server {
    # listen   80 default_server;
    listen [::]:80 default_server deferred;
    return   444;
}

超频：

Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), deny (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80,443/tcp (Nginx Full)    ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80,443/tcp (Nginx Full (v6)) ALLOW IN    Anywhere (v6)

我也可以包括任何其他相关的内容，但我认为这就足够了。

标签： httpsslnginxhttpscertificate