dpp42324
2019-01-20 04:43
浏览 178
已采纳

使用SSL在Nginx反向代理后面运行Go服务器

I've done some digging through the interwebs and haven't been able to come across anything similar (at least near any solution that has worked out for me).

Essentially, I am running a Golang server locally on 127.0.0.1:1337, I want this to be accessible globally so I use Nginx to forward traffic from https://api.example.com/ to my API to retrieve information.

With that being said, I have simply setup my Golang server to listen and serve on port 1337 and my Nginx configuration is setup to redirect all HTTP traffic (for all domains) to HTTPS:

server {
    listen 80 default_server;

    server_name _; 
    return 301 https://$host$request_uri;
}

and then I redirect traffic to port 1337 here:

server {
    server_name api.example.com;
    location / {
        proxy_pass http://127.0.0.1:1337;
    }

    listen 443 ssl;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    ssl_certificate /etc/nginx/ssl/cert.crt;   
}

The issue with this is that I find myself to keep getting redirects from HTTPS to HTTP (as per wget) and I end up getting a Too Many Redirects error.

If anyone can provide some guidance, I'd very much appreciate it!

图片转代码服务由CSDN问答提供 功能建议

我已经完成了一些对跨网的挖掘工作,但没有遇到类似的问题(至少在附近

基本上,我正在 127.0.0.1:1337 上本地运行Golang服务器,我希望可以访问此服务器 因此,我使用Nginx将流量从 https://api.example.com/ 转发到我的API以检索信息。

话虽如此,我 只需将我的Golang服务器设置为侦听并在端口 1337 上进行服务,并且我的Nginx配置已设置为将所有HTTP流量(用于所有域)重定向到HTTPS:

 服务器{
监听80 default_server; 
 
 server_name _;  
返回301 https:// $ host $ request_uri; 
} 
   
 
 

,然后在此处将流量重定向到端口1337: \ n

 服务器{
 server_name api.example.com; 
位置/ {
 proxy_pass http://127.0.0.1:1337;
} 
 
监听443 ssl; 
 ssl_certificate_key  /etc/nginx/ssl/private.key;
 ssl_certificate /etc/nginx/ssl/cert.crt;  
} 
   
 
 

与此有关的问题是,我发现自己不断从HTTPS重定向到HTTP(按照 wget ) 我最终遇到重定向过多错误。

如果有人可以提供一些指导,我将非常感谢! < / DIV>

  • 写回答
  • 关注问题
  • 收藏
  • 邀请回答

1条回答 默认 最新

  • dshp9580656 2019-01-20 07:34
    已采纳

    server_name _; matches server name that can not find matches.

    I have done that before.

    See my nginx config to proxy api backend:

    # ssl
    ssl_certificate      /etc/nginx/cert/live/ybilly.com/fullchain.pem;
    ssl_certificate_key  /etc/nginx/cert/live/ybilly.com/privkey.pem;
    
    # http to https
    server {
      listen 80 default_server;
      listen [::]:80 default_server;
      server_name ybilly.com www.ybilly.com *.ybilly.com;
      return 301 https://$host$request_uri;
    }
    
    # api backend
    server {
      listen 443 ssl http2;
      listen [::]:443 ssl http2;
      server_name *.ybilly.com;
    
      location / {
        add_header Access-Control-Allow-Origin *;
        add_header Access-Control-Allow-Methods 'GET, POST, OPTIONS';
        add_header Access-Control-Allow-Headers 'DNT,X-Mx-ReqToken,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authorization';
        proxy_set_header Host $host;
        proxy_set_header X-Real-Ip $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_pass_header Set-Cookie;
        proxy_read_timeout                 900;
        proxy_buffers 32 4k;
        proxy_pass http://127.0.0.1:8080/;
      }
    
    }
    
    
    已采纳该答案
    打赏 评论

相关推荐 更多相似问题