如何解决SSL认证不一致NGINX
我在Digital Ocean小滴上使用带有NGINX的Certbot来服务各种子域。我的本地计算机(chrome,safari和firefox)和我的朋友计算机(chrome和firefox)上的子域可以安全访问,但在我的电话或其他人的计算机(chrome,safari)上却不安全。如何使域和子域始终安全?
域如下:
- joshkaiser.dev(预期:502)
- survivops.joshkaiser.dev(预期:半成品网站)
- sortvisualizer.joshkaiser.dev(预期:条形图)
我认为我的NGINX配置有问题,但是我不知道是什么。
这是我的nginx.conf:
http {
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_names_hash_bucket_size 64;
include /etc/nginx/mime.types;
default_type application/octet-stream;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3,ref: POODLE
ssl_prefer_server_ciphers on;
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
gzip on;
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}
这是我在/ etc / nginx / sites-enabled /中的johskaiser.dev.conf:
server {
listen 80 default_server http2;
listen [::]:80 ipv6only=on http2;
server_name joshkaiser.dev www.joshkaiser.dev;
location / {
proxy_pass http://localhost:8080;
}
}
server {
listen 443 ssl default_server http2;
listen [::]:443 ipv6only=on http2;
server_name joshkaiser.dev www.joshkaiser.dev;
ssl_certificate /etc/letsencrypt/live/joshkaiser.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/joshkaiser.dev/privkey.pem;
location / {
proxy_pass http://0.0.0.0:8080;
}
}
# Survivops
server {
listen 80 http2;
server_name survivops.joshkaiser.dev;
location / {
proxy_pass http://localhost:5000;
}
}
server {
listen 443 ssl http2;
server_name survivops.joshkaiser.dev;
ssl_certificate /etc/letsencrypt/live/joshkaiser.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/joshkaiser.dev/privkey.pem;
location / {
proxy_pass http://0.0.0.0:5000;
}
}
# Sort Visualizer
server {
listen 80 http2;
server_name sortvisualizer.joshkaiser.dev;
root /var/www/sortvisualizer.joshkaiser.dev;
index index.html;
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 443 ssl http2;
server_name sortvisualizer.joshkaiser.dev;
root /var/www/sortvisualizer.joshkaiser.dev;
index index.html;
ssl_certificate /etc/letsencrypt/live/joshkaiser.dev/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/joshkaiser.dev/privkey.pem;
location / {
try_files $uri $uri/ =404;
}
}
这些是我的证书:
Found the following certs:
Certificate Name: joshkaiser.dev
Serial Number: 37d86e384e3b1ad3b0aadb29618f4411683
Domains: joshkaiser.dev *.joshkaiser.dev
Expiry Date: 2020-12-20 21:57:41+00:00 (VALID: 87 days)
Certificate Path: /etc/letsencrypt/live/joshkaiser.dev/fullchain.pem
Private Key Path: /etc/letsencrypt/live/joshkaiser.dev/privkey.pem
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com(将#修改为@)