nginx proxy forwarding configuration and handling a permission error
Configuring nginx proxy forwarding
    location /vbh_explorer_server {
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_pass http://127.0.0.1:8089/vbh_explorer_server;
    }
A permission error occurs
2019/12/15 21:12:03 [crit] 23193#0: *6 connect() to 127.0.0.1:8089 failed (13: Permission denied) while connecting to upstream, client: 192.168.0.20, server: _, request: "POST /vbh_explorer_server/get _block_count HTTP/1.1", upstream: "http://127.0.0.1:8089/vbh_explorer_server/get_block_count", host: "192.168.0.233", referrer: "http://192.168.0.233/"
Resolving the permission error
    /usr/sbin/sestatus -v    ## If the "SELinux status" parameter is enabled, SELinux is turned on
    SELinux status: enabled
    getenforce               ## This command can also be used to check
Disabling SELinux:
- Temporarily disable (no reboot needed):
    setenforce 0    ## Set SELinux to permissive mode
                    ## setenforce 1 sets SELinux to enforcing mode
- Changing the configuration file requires a reboot:
  Change SELINUX=enforcing to SELINUX=disabled
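A narrower alternative that keeps SELinux enforcing, as an added example that is not part of the original post: the script extracts the upstream addresses that failed with errno 13 from nginx error-log lines and suggests enabling the httpd_can_network_connect boolean instead of switching SELinux off. It assumes the stock targeted policy, where nginx runs in the httpd_t domain; the log lines are constructed samples and the function names are illustrative.

```shell
#!/bin/sh
# Added example (not from the original post): find nginx upstream connects
# denied with errno 13 and suggest the narrow SELinux change.
# Assumption: nginx runs in the httpd_t domain (stock targeted policy).

# Constructed sample log; the first line is shortened from the error above.
SAMPLE_LOG='2019/12/15 21:12:03 [crit] 23193#0: *6 connect() to 127.0.0.1:8089 failed (13: Permission denied) while connecting to upstream, client: 192.168.0.20, server: _
2019/12/15 21:13:10 [error] 23193#0: *9 connect() to 127.0.0.1:8090 failed (111: Connection refused) while connecting to upstream, client: 192.168.0.20, server: _'

# Read nginx error-log lines on stdin; print each unique upstream addr:port
# whose connect() failed with "13: Permission denied".
denied_upstreams() {
    sed -n 's/.*connect() to \([^ ]*\) failed (13: Permission denied) while connecting to upstream.*/\1/p' | sort -u
}

# $1 = getenforce output, $2 = state of httpd_can_network_connect (on|off).
# Prints the command to run, or where to look next.
advise() {
    case "$1:$2" in
        Enforcing:off) echo "setsebool -P httpd_can_network_connect 1" ;;
        Enforcing:on)  echo "boolean already on; review denials: ausearch -m avc -ts recent" ;;
        *)             echo "SELinux is not enforcing; check the upstream service and firewall" ;;
    esac
}

echo "Upstreams denied with errno 13 in the sample log:"
printf '%s\n' "$SAMPLE_LOG" | denied_upstreams

# On a host with the SELinux tools installed, report the live state as well.
if command -v getenforce >/dev/null 2>&1; then
    mode=$(getenforce 2>/dev/null || echo Disabled)
    state=$(getsebool httpd_can_network_connect 2>/dev/null | awk '{print $3}')
    advise "$mode" "${state:-off}"
fi
```

To use it on a real host, feed the nginx error log to denied_upstreams on stdin in place of the sample.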
HTTPS
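    openssl genrsa -des3 -out server.key 2048
You will be prompted to set a passphrase.
    openssl req -new -x509 -key server.key -out ca.crt -days 3650
    openssl req -new -key server.key -out server.csr
You need to enter the country, region, organization and email in turn. The most important field is the common name, which can be your name or a domain name. If the certificate is being requested for https, it must match the domain name; otherwise it will trigger a browser warning. The generated csr file is handed to a CA for signing, which produces the server's own certificate.
    openssl x509 -req -days 3650 -in server.csr -CA ca.crt -CAkey server.key -CAcreateserial -out server.crt
    cat server.key server.crt > server.pem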
Open the nginx configuration file and add the following section
    # SSL configuration
    #
    listen 443 ssl default_server;
    listen [::]:443 ssl default_server;
    #
    # Note: You should disable gzip for SSL traffic.
    # See: https://bugs.debian.org/773332
    #
    # Read up on ssl_ciphers to ensure a secure configuration.
    # See: https://bugs.debian.org/765782
    #
    # Self signed certs generated by the ssl-cert package
    # Don't use them in a production server!
    #
    # include snippets/snakeoil.conf;
    # TLSv1 and TLSv1.1 are deprecated (RFC 8996); drop them unless legacy clients need them
    ssl_protocols TLSv1.2 TLSv1.1 TLSv1;
    ssl_certificate /home/jklou/Here/TT/server.crt;
    ssl_certificate_key /home/jklou/Here/TT/server.key;
    ssl_prefer_server_ciphers on;
    #ssl_password_file /path-to-your-passphrase/ssl.pass;
    # Automatically redirect to HTTPS (optional)
    if ($server_port = 80) {
        rewrite ^(.*)$ https://$host$1 permanent;
    }
When nginx starts, you have to enter the passphrase you set.