
这是我的default.conf文件:

# General proxy configuration stuff to apply to everything.
#
# Note that 'proxy_redirect default;' found later in the server
# configs is pretty important. It is like proxypassreverse in Apache
# in that it makes sure that the client does not see the redirected
# URL path and get confused.
#
# NOTE(review): nginx inherits proxy_set_header from an outer level only
# when the inner level defines no proxy_set_header of its own. The
# 'location /' block in this file sets its own headers, so the four
# proxy_set_header lines below do not apply inside it.

proxy_set_header   Host $host;
proxy_set_header   X-Real-IP $remote_addr;
# $proxy_add_x_forwarded_for appends $remote_addr to whatever X-Forwarded-For
# the client sent, so only the last entry is set by this proxy; the upstream
# should not trust the earlier ones.
proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
# $server_name is the name of the server block that accepted the request,
# not the Host value the client sent.
proxy_set_header   X-Forwarded-Host $server_name;
# proxy_pass_header governs which upstream *response* headers reach the
# client. The client's Authorization request header is forwarded by
# proxy_pass_request_headers, which is already on by default.
proxy_pass_header  Authorization;
proxy_pass_request_headers on;
# Values are in seconds. Ten-minute timeouts let a slow or stalled peer hold
# a connection open for a long time; check this against connection limits.
# NOTE(review): the nginx documentation says proxy_connect_timeout usually
# cannot exceed 75 seconds.
proxy_connect_timeout       600;
proxy_send_timeout          600;
proxy_read_timeout          600;
send_timeout                600;


# The ssl_protocols line is required so we only allow TLSv1.2 and
# not earlier (insecure) versions
# NOTE(review): listing only TLSv1.2 also leaves TLSv1.3 disabled; confirm
# that is intended.
ssl_protocols TLSv1.2;


# TLS-terminating virtual host: accepts HTTPS on 443 for the three names
# below and proxies every path to http://myapi.
server {
       # Server for main (both servers use same SSL stuff)

       server_name myapi myapi.domain.com www.myapi.domain.com;
       listen 443 ssl;
       location / {
            # Copies the client's Authorization header into a second header.
            # The hop to the upstream is plain http, so credentials travel
            # unencrypted on that leg.
            # NOTE(review): confirm that leg stays on a trusted host or network.
            proxy_set_header   X-Forwarded-Authorization $http_authorization;
            proxy_set_header   Host $host;
            proxy_set_header   X-Real-IP $remote_addr;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Host $server_name;
            # $remote_user is the user name from the Basic-auth header. No
            # auth_basic directive is visible in this block, so the value is
            # presumably unverified; the upstream must not treat it as an
            # authenticated identity - TODO confirm.
            proxy_set_header   X-Forwarded-User $remote_user;

            # NOTE(review): 'myapi' is also one of this server's own names.
            # No upstream block is visible here, so the name is resolved as a
            # hostname on port 80. Confirm it resolves to the backend and not
            # back to this nginx instance, whose port-80 servers answer with
            # redirects or 404.
            proxy_pass         http://myapi;
            proxy_redirect     default; # kind of like Apache proxypassreverse
       }


    ssl_certificate /etc/letsencrypt/live/myapi.domain.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/myapi.domain.com/privkey.pem; # managed by Certbot

}

# Port-80 virtual host for any name under domain.com: answers every request
# with a permanent redirect to the same host and URI over https.
server {

   # redirect regular HTTP to ssl but only if on a full domain
   # this is so we don't get in a loop since our ssl listeners
   # forward to local domain names based on virtual host name

   server_name *.domain.com;
   listen 80;
   # $host is taken from the request, so the redirect target reflects the
   # Host header the client sent.
   # NOTE(review): if this block ends up as the default server for port 80,
   # requests with an arbitrary Host would also be redirected to that host;
   # confirm a separate default_server exists.
   return 301 https://$host$request_uri;
}

# Certbot-generated redirect host: sends the two public names to https and
# answers anything else that reaches this block with 404.
server {
    if ($host = www.myapi.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    if ($host = myapi.domain.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


    # NOTE(review): the server_name line below has no terminating ';'. nginx
    # reads a directive up to the next ';', so 'listen', '443' and 'ssl' are
    # parsed as extra server names and this block listens on port 80 only.
    # A 443 ssl listener here would also need its own certificate directives;
    # confirm what was intended before adding the ';'.
    server_name myapi myapi.domain.com www.myapi.domain.com
    listen 443 ssl;
    listen 80;
    return 404; # managed by Certbot


}

证书已成功生成,但由于某种原因,当我尝试访问 api 时出现 500 错误。

此外,如果我这样做:

import ssl

# Fetch the PEM-encoded certificate the server presents on port 443.
# Without a ca_certs argument nothing is validated, so a returned value
# shows only that the TLS handshake completed, not that the chain or the
# hostname is trusted.
endpoint = ('myapi.domain.com', 443)
cert = ssl.get_server_certificate(endpoint)

我得到一个有效的证书。

有什么想法吗?
