2

我正在使用 nginx 和 LetsEncrypt 设置 Node.js 应用程序。

我设置了它,但每次我尝试访问它时,它都会给我一个 502 Bad Gateway 错误。

Node.js 没有显示任何内容,所以我认为它甚至没有访问应用程序,检查了 nginx 日志并播下了这个......

2016/02/27 09:12:11 [error] 15706#0: OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status, responder: ocsp.int-x1.letsencrypt.org
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"

nginx配置:

upstream app_gamepit {
        server 127.0.0.1:3000;
}

# the nginx server instance
server {
    listen 443 ssl;
    server_name gamepit.nl;
    access_log /var/log/nginx/gamepit.log;

    ssl on;
    gzip on;

    ssl_certificate /etc/letsencrypt/live/gamepit.nl/cert.pem;
    ssl_certificate_key /etc/letsencrypt/live/gamepit.nl/privkey.pem;

    ssl_stapling on;
    ssl_stapling_verify on;
    ssl_trusted_certificate /etc/letsencrypt/live/gamepit.nl/fullchain.pem;

    # pass the request to the node.js server with the correct headers
    # and much more can be added, see nginx config options
    location / {
      proxy_pass https://app_gamepit/;
      proxy_redirect off;
    }
}

server {
    listen 443;
    server_name www.gamepit.nl;
    rewrite ^/(.*) https://gamepit.nl/$1 permanent;
}

Node.js 应用程序(非常小,因为我正在测试......)

var fs = require('fs');
var https = require('https');

var privateKey  = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/privkey.pem', 'utf8');
var certificate = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/fullchain.pem', 'utf8');
var ca = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/chain.pem', 'utf8');

var credentials = {key: privateKey, cert: certificate, ca: ca};

var app = require('express')();

app.use(function(req, res, next) {
        console.log('site call!', req.originalUrl);
        next();
});

app.get('/', function(req, res) {
        res.send('Hello World');
        res.end();
});

var https = https.createServer(credentials, app);

https.listen(3000,'127.0.0.1',  function() {
        console.log('running!');
});
4

1 回答 1

1

找到问题了。。。github上有问题

代替

ssl_certificate /etc/letsencrypt/live/domain.com/cert.pem;

你应该使用

ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;

我不知道为什么,但它现在有效。

于 2016-02-27T15:02:05.563 回答