
Nodejs: How to use Caddy2 reverse proxy + TLS certificate?

Stack Overflow user
Asked 2022-12-02 04:40:42
2 answers, 30 views, 0 followers, 0 votes

This is my first time deploying nodejs from localhost to a live server. I'm using aapanel as my live server.

Here is the relevant code in the node server.js file:

const hostname = 'localhost';
// const hostname = 'www.thespacebar.io';

// set port, listen for requests
const PORT = process.env.PORT || 8080;
app.listen(PORT, hostname, () => {
    console.log(`Server is running on port ${PORT}.`);
});

Here is my pm2 setup:

I cannot open my app https://www.thespacebar.io:8080 with GET https://www.thespacebar.io:8080, but it works with GET http://www.thespacebar.io:8080

GET https://www.thespacebar.io:8080 fails with the error:

This site can’t provide a secure connection
ERR_SSL_PROTOCOL_ERROR

Does anyone know what I'm doing wrong?

EDIT: I installed Caddy and set up the Caddyfile in /etc/caddy as follows:

# The Caddyfile is an easy way to configure your Caddy web server.
#
# Unless the file starts with a global options block, the first
# uncommented line is always the address of your site.
#
# To use your own domain name (with automatic HTTPS), first make
# sure your domain's A/AAAA DNS records are properly pointed to
# this machine's public IP, then replace ":80" below with your
# domain name.

import ./thespacebar.io

:80 {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000
}

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

and created the adjacent file thespacebar.io

thespacebar.io {
  reverse_proxy localhost:8080
}

But when I visit https://thespacebar.io/, I get index.html instead of the JSON { message: "Welcome to bezkoder application." } and of POST http://www.thespacebar.io/api/verification/callback with body param verify_token:abcde showing the JSON:

{
    "message": "Callback called successfully."
}

instead of 404 Not Found

EDIT 2: I removed this section:

# :80 {
        # Set this path to your site's directory.
#       root * /usr/share/caddy

        # Enable the static file server.
#       file_server

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000
# }

# Refer to the Caddy docs for more information:
# https://caddyserver.com/docs/caddyfile

from etc/caddy/Caddyfile

But when I run caddy run Caddyfile and caddy reload Caddyfile, I get the following errors:

[root@vultrguest caddy]# caddy run Caddyfile
2022/12/02 08:11:44.132 INFO    using adjacent Caddyfile
2022/12/02 08:11:44.132 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 12}
2022/12/02 08:11:44.133 INFO    admin   admin endpoint started  {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
2022/12/02 08:11:44.133 INFO    http    server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
2022/12/02 08:11:44.133 INFO    http    enabling automatic HTTP->HTTPS redirects        {"server_name": "srv0"}
2022/12/02 08:11:44.133 INFO    tls.cache.maintenance   started background certificate maintenance      {"cache": "0xc000151030"}
2022/12/02 08:11:44.133 INFO    tls.cache.maintenance   stopped background certificate maintenance      {"cache": "0xc000151030"}
Error: loading initial config: loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in use
[root@vultrguest caddy]# caddy reload Caddyfile
2022/12/02 08:11:49.875 INFO    using adjacent Caddyfile
2022/12/02 08:11:49.876 WARN    Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies    {"adapter": "caddyfile", "file": "Caddyfile", "line": 12}
Error: sending configuration to instance: performing request: Post "http://localhost:2019/load": dial tcp [::1]:2019: connect: connection refused
[root@vultrguest caddy]# 

If I run GET http://www.thespacebar.io:8080, I get:

Web server is down Error code 521
Visit cloudflare.com for more information.
2022-12-02 08:22:13 UTC
You

2 Answers

Stack Overflow user

Posted 2022-12-02 07:51:44

It is simple to set up as a reverse proxy, and it takes care of the SSL certificates for you with minimal fuss.

{
    email example@email.com
}
thespacebar.io {
     reverse_proxy localhost:8080
}

I see you posted an update - one thing I would remove is

:80 {
  .....
}

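If you read the text you posted, it does say to replace :80 with your domain (but don't add :80, otherwise caddy won't do the certificate for the domain)

I also see you haven't set up a global section with an email address -- I'm pretty sure that's needed for it to work (please don't quote me on that) -- at least that was the case when I first started using caddy.

Votes: 0

Stack Overflow user

Posted 2022-12-02 19:20:20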

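Here is some pseudocode for a general-purpose caddy v2 Caddyfile

The code below uses "\*" in place of "*", with "\" escaping the "/*" in markdown

This code will add basic security headers and cors to the response.

It will proxy through to a process on localhost port 9883.

If you have a dns record for your server, it will set up letsencrypt certificates for you and renew them when needed.

See caddy snippets https://caddyserver.com/docs/caddyfile/concepts#snippets
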
# begin common code block snippet to be imported into the server block, 
# for example here we set common security headers
# see the markdown escape comment above for "/\*" should be "/*"
(common) {
    header /\* {
        -Server
        -X-Powered-By
        +X-Permitted-Cross-Domain-Policies none
        +X-Frame-Options DENY
        +X-Content-Type-Options nosniff
        +Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
        +Referrer-Policy no-referrer
        }
}
# cors snippet
(cors) { 
    @cors_preflight method OPTIONS
# "{args.0}" is an input value used when calling the snippet
  
    @cors header Origin "{args.0}"  
        handle @cors_preflight {
            header Access-Control-Allow-Origin  "{args.0}"
            header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
            header Access-Control-Allow-Headers "Content-Type"
            header Access-Control-Max-Age "3600"
            respond "" 204
    }
}

# main server block
# dns record for server is myserver.edu
myserver.edu { 

# import common sec headers snippet
    import common   
# import cors snippet passing server name parameter, wildcard cors poor sec
    import cors myserver.edu  

# proxy redirect see handle_path directive 
# https://caddyserver.com/docs/caddyfile/directives/handle_path
# see the markdown escape comment above for "/\*" should be "/*"
    handle_path /somepath/\* {
        reverse_proxy localhost:9883 {
            header_up X-Real-IP {remote_host}
            # caddy will add X-Forwarded-For for you, so there is no need for this one
            #header_up X-Forwarded-For {remote_host}
            header_down Content-Security-Policy "media-src blob:"
            }
        }

}
Votes: 0
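
A check for the response headers the (common) snippet in the answer above is meant to produce, as an added example that is not part of the original answer. The names `auditHeaders` and `parseHsts` and the one-year minimum for max-age are assumptions of this example, and the sample responses are constructed.

```javascript
// Added example, not code from the answer. Header names and values checked
// are those set by the (common) snippet; sample responses are constructed.
const EXPECTED = {
  'x-permitted-cross-domain-policies': 'none',
  'x-frame-options': 'DENY',
  'x-content-type-options': 'nosniff',
  'referrer-policy': 'no-referrer',
};
const MUST_BE_ABSENT = ['server', 'x-powered-by'];
const MIN_MAX_AGE = 31536000; // assumption: require at least one year

// Strict-Transport-Security directives are separated by ";" (RFC 6797).
function parseHsts(value) {
  const out = { maxAge: null, includeSubDomains: false, preload: false };
  for (const part of value.split(';').map((s) => s.trim()).filter(Boolean)) {
    const m = /^max-age\s*=\s*"?(\d+)"?$/i.exec(part);
    if (m) out.maxAge = Number(m[1]);
    else if (/^includeSubDomains$/i.test(part)) out.includeSubDomains = true;
    else if (/^preload$/i.test(part)) out.preload = true;
  }
  return out;
}

// headers: object of header name -> value. Returns a list of findings.
function auditHeaders(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim();
  const findings = [];
  for (const [name, want] of Object.entries(EXPECTED)) {
    if (!(name in h)) findings.push(`missing ${name}`);
    else if (h[name].toLowerCase() !== want.toLowerCase()) findings.push(`unexpected ${name}: ${h[name]}`);
  }
  for (const name of MUST_BE_ABSENT) if (name in h) findings.push(`${name} not stripped`);
  const sts = parseHsts(h['strict-transport-security'] || '');
  if (sts.maxAge === null) findings.push('HSTS missing or max-age unparsable');
  else if (sts.maxAge < MIN_MAX_AGE) findings.push('HSTS max-age too short');
  else if (!sts.includeSubDomains) findings.push('HSTS lacks includeSubDomains');
  return findings;
}

// Constructed responses: one as intended, one with a space-separated HSTS value.
const good = { ...EXPECTED, 'Strict-Transport-Security': 'max-age=63072000; includeSubDomains; preload' };
const bad = { ...good, Server: 'Caddy', 'Strict-Transport-Security': 'max-age=63072000 includeSubDomains preload' };
console.log(auditHeaders(good)); // no findings
console.log(auditHeaders(bad));
```

A Strict-Transport-Security value whose directives are not separated by semicolons has no parsable max-age, so the check reports it even though the header is present.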
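The original page content is provided by Stack Overflow. Translation support is provided by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/74650981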
