SSL认证不一致NGINX

编程问答 2022-06-12

问题描述

我在Digital Ocean小滴上使用带有NGINX的Certbot来服务各种子域。我的本地计算机(chrome,safari和firefox)和我的朋友计算机(chrome和firefox)上的子域可以安全访问,但在我的电话或其他人的计算机(chrome,safari)上却不安全。如何使域和子域始终安全?

域如下:

  • joshkaiser.dev(预期:502)
  • survivops.joshkaiser.dev(预期:半成品网站)
  • sortvisualizer.joshkaiser.dev(预期:条形图)

我认为我的NGINX配置有问题,但是我不知道是什么。

这是我的nginx.conf:

http {
        sendfile on;
        tcp_nopush on;
        tcp_nodelay on;
        keepalive_timeout 65;
        types_hash_max_size 2048;

        server_names_hash_bucket_size 64;

        include /etc/nginx/mime.types;
        default_type application/octet-stream;

        ssl_protocols TLSv1 TLSv1.1 TLSv1.2 TLSv1.3; # Dropping SSLv3,ref: POODLE
        ssl_prefer_server_ciphers on;

        access_log /var/log/nginx/access.log;
        error_log /var/log/nginx/error.log;

        gzip on;
        include /etc/nginx/conf.d/*.conf;
        include /etc/nginx/sites-enabled/*;
}

这是我在/ etc / nginx / sites-enabled /中的johskaiser.dev.conf:

server {
    listen 80 default_server http2;
    listen [::]:80 ipv6only=on http2;   
    server_name joshkaiser.dev www.joshkaiser.dev;

    location / {
        proxy_pass http://localhost:8080;
    }
}

server {
    listen 443 ssl default_server http2;
    listen [::]:443 ipv6only=on http2;
    
    server_name joshkaiser.dev www.joshkaiser.dev;

    ssl_certificate     /etc/letsencrypt/live/joshkaiser.dev/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/joshkaiser.dev/privkey.pem;
    
    location / {
        proxy_pass http://0.0.0.0:8080;
    }
}


# Survivops

server {
        listen 80 http2;
        server_name survivops.joshkaiser.dev;

        location / {
                proxy_pass http://localhost:5000;
        }
}

server {
        listen 443 ssl http2;

        server_name survivops.joshkaiser.dev;

        ssl_certificate         /etc/letsencrypt/live/joshkaiser.dev/fullchain.pem;
        ssl_certificate_key     /etc/letsencrypt/live/joshkaiser.dev/privkey.pem;

        location / {
                proxy_pass http://0.0.0.0:5000;
        }
}


# Sort Visualizer

server {
        listen 80 http2;
        server_name sortvisualizer.joshkaiser.dev;
    
    root /var/www/sortvisualizer.joshkaiser.dev;

    index index.html;
    
        location / {
        try_files $uri $uri/ =404;
        }
}

server {
        listen 443 ssl http2;

        server_name sortvisualizer.joshkaiser.dev;

    root /var/www/sortvisualizer.joshkaiser.dev;

    index index.html;

        ssl_certificate         /etc/letsencrypt/live/joshkaiser.dev/fullchain.pem;
        ssl_certificate_key     /etc/letsencrypt/live/joshkaiser.dev/privkey.pem;

        location / {
        try_files $uri $uri/ =404;
        }
}

这些是我的证书:

Found the following certs:
  Certificate Name: joshkaiser.dev
    Serial Number: 37d86e384e3b1ad3b0aadb29618f4411683
    Domains: joshkaiser.dev *.joshkaiser.dev
    Expiry Date: 2020-12-20 21:57:41+00:00 (VALID: 87 days)
    Certificate Path: /etc/letsencrypt/live/joshkaiser.dev/fullchain.pem
    Private Key Path: /etc/letsencrypt/live/joshkaiser.dev/privkey.pem

解决方法

暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!

如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。

小编邮箱:dio#foxmail.com (将#修改为@)

certbotdigital-oceanhttps

相关问答

导入项目后报错问题
依赖报错 idea导入项目后依赖报错,解决方案:https://blog....
idea不能识别yaml文件
使用mybatis plus常见错误
错误1:代码生成器依赖和mybatis依赖冲突 启动项目时报错如下...
gradle常见问题与错误
错误1:gradle项目控制台输出为乱码 # 解决方案:https://bl...
Mybatis Plus传入参数0不起作用
错误还原:在查询的过程中,传入的workType为0时,该条件不起...
linux中make编译源码包失败
报错如下,gcc版本太低 ^ server.c:5346:31: 错误:‘struct...