您没有确切地包括您想要的内容(例如,哪个应用程序应该为请求提供服务,哪些端口以及应该对HTTP请求做什么),但我假定
-
所有端口80请求都是HTTP,所有443请求都是HTTPS。
-
您希望将所有HTTP请求重定向到HTTPS
-
所有HTTPS请求都应传递到节点
如果是这样,这可能就是你真正想要的:
server {
root /var/www/html;
server_name my.domain.co.uk;
location / {
proxy_pass http://localhost:3001;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/my.domain.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/my.domain.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = my.domain.co.uk) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name my.domain.co.uk;
return 404; # managed by Certbot
}
第一个服务器块只处理HTTPS请求,并将所有请求传递到节点。第二个服务器块只处理HTTP请求并将其重定向到HTTPS。
