1. 首页
  2. 问答
  3. Node.js Nginx LetsEncrypt Bad Gateway

Node.js Nginx LetsEncrypt Bad Gateway

2016-02-27 74 views
2

我使用nginx和LetsEncrypt设置了一个Node.js应用程序。Node.js Nginx LetsEncrypt Bad Gateway

我设置了它,但每次尝试访问它时,它都会给我一个502 Bad Gateway错误。

的Node.js没有显示任何东西,所以我想它甚至没有访问应用程序,检查了Nginx的日志和母猪这个...

2016/02/27 09:12:11 [error] 15706#0: OCSP_basic_verify() failed (SSL: error:27069076:OCSP routines:OCSP_basic_verify:signer certificate not found) while requesting certificate status, responder: ocsp.int-x1.letsencrypt.org 
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET/HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl" 
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET/HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl" 
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET/HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl" 
2016/02/27 09:12:11 [error] 15706#0: *1 upstream prematurely closed connection while reading response header from upstream, client: 212.121.109.65, server: gamepit.nl, request: "GET/HTTP/1.1", upstream: "http://127.0.0.1:8080/", host: "gamepit.nl"

nginx的配置:

upstream app_gamepit { 
     server 127.0.0.1:3000; 
} 

# the nginx server instance 
server { 
    listen 443 ssl; 
    server_name gamepit.nl; 
    access_log /var/log/nginx/gamepit.log; 

    ssl on; 
    gzip on; 

    ssl_certificate /etc/letsencrypt/live/gamepit.nl/cert.pem; 
    ssl_certificate_key /etc/letsencrypt/live/gamepit.nl/privkey.pem; 

    ssl_stapling on; 
    ssl_stapling_verify on; 
    ssl_trusted_certificate /etc/letsencrypt/live/gamepit.nl/fullchain.pem; 

    # pass the request to the node.js server with the correct headers 
    # and much more can be added, see nginx config options 
    location/{ 
     proxy_pass https://app_gamepit/; 
     proxy_redirect off; 
    } 
} 

server { 
    listen 443; 
    server_name www.gamepit.nl; 
    rewrite ^/(.*) https://gamepit.nl/$1 permanent; 
}

节点.js文件的应用程序(非常小的,因为我测试...)

var fs = require('fs'); 
var https = require('https'); 

var privateKey = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/privkey.pem', 'utf8'); 
var certificate = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/fullchain.pem', 'utf8'); 
var ca = fs.readFileSync('/etc/letsencrypt/live/gamepit.nl/chain.pem', 'utf8'); 

var credentials = {key: privateKey, cert: certificate, ca: ca}; 

var app = require('express')(); 

app.use(function(req, res, next) { 
     console.log('site call!', req.originalUrl); 
     next(); 
}); 

app.get('/', function(req, res) { 
     res.send('Hello World'); 
     res.end(); 
}); 

var https = https.createServer(credentials, app); 

https.listen(3000,'127.0.0.1', function() { 
     console.log('running!'); 
});

来源

2016-02-27 CreasolDev

+0

你为什么要在nginx和node中都放键? – loadaverage

+0

因为一些教程告诉我这样:P 我可以检查它是否有所作为,请稍等。 – CreasolDev

+0

当我删除关于SSL的线路时,nginx给了我一个SSL协议错误,所以NGINX需要知道SSL证书,node.js需要它们进行加密,这是我认为的:) – CreasolDev

回答

1

我发现这个问题... 有我S ON github

,而不是

ssl_certificate /etc/letsencrypt/live/domain.com/cert.pem;

的问题,您应该使用

ssl_certificate /etc/letsencrypt/live/domain.com/fullchain.pem;

我不知道为什么,但它现在的作品。

来源

2016-02-27 15:02:05 CreasolDev

+0

因为它包含证书和链回到CA. – Dominik

相关问题

 相关问题