使用 proxy_pass 会影响 letsencrypt 安装吗?
Will using proxy_pass affect letsencrypt installation?
我有一个网站,例如。 domain.net
并在我的 nginx/centos 服务器上成功安装 运行 certbot/letsencrypt。
域名安全且看起来不错。现在我已经在我想加密的网站上添加了一个幽灵博客,例如。博客.domain.net.
此博客设置在与原始网站不同的根文件夹中,但服务器相同。我在 :2000 上使用 proxy_pass 来设置子域。
现在我唯一改变的是我添加了
location ~ /.well-known {
allow all;
}
到博客。domain.net.conf 文件在我的站点中-可用的 nginx。
我也尝试将其添加到 conf.d/domain.net.conf 文件中,但没有成功:(
每当我按照安装说明 运行 certbot 时,它都会输出此错误。
Failed authorization procedure. blog.domain.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: blog.domain.net
Type: unauthorized
Detail: Invalid response from
http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
非常感谢任何帮助!
谢谢
- 编辑 *
里面的代码sites-available/blog.domain.net.conf
server {
listen 80;
server_name blog.domain.net www.blog.domain.net;
# note that these lines are originally from the "location /" block
root /var/www/blog.domain.net/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:2000;
proxy_redirect off;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
代码在 conf.d/blog.domain.net.conf
# upstream ghost {
# server 127.0.0.1:2000;
# }
server {
listen 80;
server_name blog.domain.net;
access_log /var/log/nginx/ghost.access.log;
error_log /var/log/nginx/ghost.error.log;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location ~ /.well-known {
/var/www/blog.domain.net/html;
}
location / {
proxy_pass http://127.0.0.1:2000;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
我认为你是 运行 使用 --web-root 选项安装 Letsencrypt,如果是这样,请将 Web 根设置为 /var/www/html/ 或放置 HTML 内容的路径;然后
location ~ /.well-known {
root /var/www/html;
}
这个位置块应该像 location / 一样放置在所有其他块之上,您可以在其中指定 proxy_pass 选项,我已经回答了一个 letsencrypt 问题 here,请使用您的安装命令检查它。
我有一个网站,例如。 domain.net 并在我的 nginx/centos 服务器上成功安装 运行 certbot/letsencrypt。
域名安全且看起来不错。现在我已经在我想加密的网站上添加了一个幽灵博客,例如。博客.domain.net.
此博客设置在与原始网站不同的根文件夹中,但服务器相同。我在 :2000 上使用 proxy_pass 来设置子域。
现在我唯一改变的是我添加了
location ~ /.well-known {
allow all;
}
到博客。domain.net.conf 文件在我的站点中-可用的 nginx。 我也尝试将其添加到 conf.d/domain.net.conf 文件中,但没有成功:(
每当我按照安装说明 运行 certbot 时,它都会输出此错误。
Failed authorization procedure. blog.domain.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
IMPORTANT NOTES:
- The following errors were reported by the server:
Domain: blog.domain.net
Type: unauthorized
Detail: Invalid response from
http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8:
"<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"
To fix these errors, please make sure that your domain name was
entered correctly and the DNS A record(s) for that domain
contain(s) the right IP address.
非常感谢任何帮助!
谢谢
- 编辑 *
里面的代码sites-available/blog.domain.net.conf
server {
listen 80;
server_name blog.domain.net www.blog.domain.net;
# note that these lines are originally from the "location /" block
root /var/www/blog.domain.net/html;
index index.php index.html index.htm;
location / {
try_files $uri $uri/ =404;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header HOST $http_host;
proxy_set_header X-NginX-Proxy true;
proxy_pass http://127.0.0.1:2000;
proxy_redirect off;
}
error_page 404 /404.html;
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
}
代码在 conf.d/blog.domain.net.conf
# upstream ghost {
# server 127.0.0.1:2000;
# }
server {
listen 80;
server_name blog.domain.net;
access_log /var/log/nginx/ghost.access.log;
error_log /var/log/nginx/ghost.error.log;
proxy_buffers 16 64k;
proxy_buffer_size 128k;
location ~ /.well-known {
/var/www/blog.domain.net/html;
}
location / {
proxy_pass http://127.0.0.1:2000;
proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto https;
}
}
我认为你是 运行 使用 --web-root 选项安装 Letsencrypt,如果是这样,请将 Web 根设置为 /var/www/html/ 或放置 HTML 内容的路径;然后
location ~ /.well-known {
root /var/www/html;
}
这个位置块应该像 location / 一样放置在所有其他块之上,您可以在其中指定 proxy_pass 选项,我已经回答了一个 letsencrypt 问题 here,请使用您的安装命令检查它。