1. 首頁
  2. 問答
  3. Node.js Nginx LetsEncrypt Bad Gateway

Node.js Nginx LetsEncrypt Bad Gateway

2016-02-27 109 views
2

我使用nginx和LetsEncrypt設置了一個Node.js應用程序。Node.js Nginx LetsEncrypt Bad Gateway

我設置了它,但每次嘗試訪問它時,它都會給我一個502 Bad Gateway錯誤。

的Node.js沒有顯示任何東西,所以我想它甚至沒有訪問應用程序,檢查了Nginx的日誌和母豬這個...

2016/02/27 09:12:11 [error] 15706#0: OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status, responder: ocsp.int-x1.letsencrypt.org 
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET/HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl" 
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET/HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl" 
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET/HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl" 
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET/HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"

nginx的配置:

upstream app_gamepit { 
     server 127.0.0.1:3000; 
} 

# the nginx server instance 
server { 
    listen 443 ssl; 
    server_name gamepit.nl; 
    access_log /var/log/nginx/gamepit.log; 

    ssl on; 
    gzip on; 

    ssl_certificate /etc/letsencrypt/live/gamepit.nl/cert.pem; 
    ssl_certificate_key /etc/letsencrypt/live/gamepit.nl/privkey.pem; 

    ssl_stapling on; 
    ssl_stapling_verify on; 
    ssl_trusted_certificate /etc/letsencrypt/live/gamepit.nl/fullchain.pem; 

    # pass the request to the node.js server with the correct headers 
    # and much more can be added, see nginx config options 
    location/{ 
     proxy_pass https://app_gamepit/; 
     proxy_redirect off; 
    } 
} 

server { 
    listen 443; 
    server_name www.gamepit.nl; 
    rewrite ^/(.*) https://gamepit.nl/$1 permanent; 
}

節點.js文件的應用程序(非常小的,因爲我測試...)

var fs = require('fs'); 
var https = require('https'); 

var privateKey = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/privkey.pem', 'utf8'); 
var certificate = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/fullchain.pem', 'utf8'); 
var ca = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/chain.pem', 'utf8'); 

var credentials = {key: privateKey, cert: certificate, ca: ca}; 

var app = require('express')(); 

app.use(function(req, res, next) { 
     console.log('site call!', req.originalUrl); 
     next(); 
}); 

app.get('/', function(req, res) { 
     res.send('Hello World'); 
     res.end(); 
}); 

var https = https.createServer(credentials, app); 

https.listen(3000,'127.0.0.1', function() { 
     console.log('running!'); 
});

來源

2016-02-27 CreasolDev

+0

你爲什麼要在nginx和node中都放鍵? – loadaverage

+0

因爲一些教程告訴我這樣:P 我可以檢查它是否有所作爲,請稍等。 – CreasolDev

+0

當我刪除關於SSL的線路時,nginx給了我一個SSL協議錯誤,所以NGINX需要知道SSL證書,node.js需要它們進行加密,這是我認爲的:) – CreasolDev

回答

1

我發現這個問題... 有我S ON github

,而不是

ssl_certificate /etc/letsencrypt/live/domain.com/cert.pem;

的問題,您應該使用

ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;

我不知道爲什麼,但它現在的作品。

來源

2016-02-27 15:02:05 CreasolDev

+0

因爲它包含證書和鏈回到CA. – Dominik

相關問題

 相關問題