Will using proxy_pass affect letsencrypt installation?


I have a website, e.g. domain.net, and have run the certbot/letsencrypt installation successfully on my nginx/centos server.

The domain is secure and looking great. Now I have added a Ghost blog to the site which I would like to encrypt, e.g. blog.domain.net.

This blog is set up in a different root folder than the original website, but on the same server. I am using a proxy_pass on :2000 to set up the subdomain.

Now the only thing I have changed is I added

location ~ /.well-known {
allow all;
}

to the blog.domain.net.conf file within my sites-available nginx. I have also tried adding this to the conf.d/domain.net.conf file as well, to no avail :(

Whenever I run certbot per the installation instructions, it is outputting this error.

Failed authorization procedure. blog.domain.net (http-01): urn:acme:error:unauthorized :: The client lacks sufficient authorization :: Invalid response from http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8: "<html>
<head><title>404 Not Found</title></head>
<body bgcolor="white">
<center><h1>404 Not Found</h1></center>
<hr><center>"

IMPORTANT NOTES:
 - The following errors were reported by the server:

   Domain: blog.domain.net
   Type:   unauthorized
   Detail: Invalid response from
   http://blog.domain.net/.well-known/acme-challenge/FVQmSHuCmeiOObPDOCiD2OFP8Ivvst5n2ZwIZoeXGU8:
   "<html>
   <head><title>404 Not Found</title></head>
   <body bgcolor="white">
   <center><h1>404 Not Found</h1></center>
   <hr><center>"

   To fix these errors, please make sure that your domain name was
   entered correctly and the DNS A record(s) for that domain
   contain(s) the right IP address.

Any help is much appreciated!

Thank you

EDIT

Code inside sites-available/blog.domain.net.conf

server {
    listen       80;
    server_name  blog.domain.net www.blog.domain.net;

    # note that these lines are originally from the "location /" block
    root  /var/www/blog.domain.net/html;
    index index.php index.html index.htm;

    location / {
        try_files $uri $uri/ =404;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header HOST $http_host;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://127.0.0.1:2000;
        proxy_redirect off;
  }

    error_page 404 /404.html;
    error_page 500 502 503 504 /50x.html;
    location = /50x.html {
        root /usr/share/nginx/html;
    }

    location ~ \.php$ {
        try_files $uri =404;
        fastcgi_pass unix:/var/run/php-fpm/php-fpm.sock;
        fastcgi_index index.php;
        fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
        include fastcgi_params;
    }
}

Code inside conf.d/blog.domain.net.conf

# upstream ghost {
#    server 127.0.0.1:2000;
# }

server {
    listen      80;
    server_name blog.domain.net;

    access_log  /var/log/nginx/ghost.access.log;
    error_log   /var/log/nginx/ghost.error.log;

    proxy_buffers 16 64k;
    proxy_buffer_size 128k;

    location ~ /.well-known {
       /var/www/blog.domain.net/html;
    }

location / {
        proxy_pass  http://127.0.0.1:2000;
        proxy_next_upstream error timeout invalid_header http_500 http_502 http_503 http_504;
        proxy_redirect off;

        proxy_set_header    Host            $host;
        proxy_set_header    X-Real-IP       $remote_addr;
        proxy_set_header    X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header    X-Forwarded-Proto https;
    }

}

Source: https://stackoverflow.com/questions/42218796
Updated: 2020-02-28 15:52

Best answer


I think you are running the Letsencrypt install with the --web-root option; if so, set the web root to /var/www/html/ or the path where the HTML content is placed; then

location ~ /.well-known {
   root /var/www/html;
}

This location block should be placed above all others, like location /, where you may have specified the proxy_pass option. I already answered a letsencrypt question here; check it with your install command.

2017-05-23
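
The layout the answer describes, written out as an added example (not code from the question or the answer): the ACME challenge path is served from disk and everything else is proxied to Ghost. The webroot path and the upstream port are taken from the question and are assumptions about the asker's server; the `^~` prefix match and the narrower `acme-challenge/` path are choices of this example.

```nginx
# Added example, not the asker's or the answerer's configuration.
# Assumptions: the webroot is /var/www/blog.domain.net/html (the root used in
# the question) and Ghost listens on 127.0.0.1:2000.
#
# Keep exactly one server block for blog.domain.net on port 80. If more than
# one loaded file defines it, nginx warns "conflicting server name ... ignored"
# and the duplicate block is never used, so edits made there have no effect.
server {
    listen      80;
    server_name blog.domain.net;

    # ACME http-01: answer challenge requests from disk, never from the proxy.
    # "^~" is a prefix match that stops regex locations (such as "~ \.php$")
    # from being tried, so the result does not depend on block order.
    # Only the challenge directory is exposed, not all of /.well-known.
    location ^~ /.well-known/acme-challenge/ {
        root         /var/www/blog.domain.net/html;  # must equal certbot's -w path
        default_type text/plain;
        try_files    $uri =404;
    }

    # Everything else goes to Ghost. There is no try_files here: with
    # "try_files ... =404" in a proxied location, any path that does not
    # exist on disk gets a 404 before proxy_pass runs.
    location / {
        proxy_pass       http://127.0.0.1:2000;
        proxy_redirect   off;
        proxy_set_header Host              $host;
        proxy_set_header X-Real-IP         $remote_addr;
        proxy_set_header X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# Validate, reload and request the certificate (run as root):
#   nginx -t && systemctl reload nginx
#   certbot certonly --webroot -w /var/www/blog.domain.net/html -d blog.domain.net
```

With this in place, a file dropped into `/var/www/blog.domain.net/html/.well-known/acme-challenge/` should be retrievable over plain HTTP from outside the server before certbot is run.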
