현재 NGINX 구성으로 인해 index.html에 액세스하려고 하면 https로 리디렉션되는 무한 루프가 발생합니다. 누구든지 올바른 방법을 가지고 있습니까?
목표는 포트 443에서 인바운드 요청을 전달하여 동일한 포트에서 로컬 호스트의 WS 연결에 대한 WSS 연결을 시작하는 것입니다. 또한 포트 443의 웹 파일에 대한 요청은 localhost 포트 80으로 전달됩니다.
이는 리디렉션 conf입니다(/etc/nginx/conf.d/myFQDN.conf에 있음).
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream to-websocket {
server localhost:25565;
}
server_tokens off;
# SSL requirements. We use Certbot and LetsEncrypt
#ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
server {
# first redirect to https
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
# Now webserver
# Port 80 shouldn't be accesed from outside
listen 80 default_server;
listen [::]:80 default_server;
server_name -myFQDN- www.-myFQDN-;
return 404; # managed by Certbot
root /var/www/html;
}
server {
root /var/www/html;
index index.html index.htm;
server_name -myFQDN-;
# Proxy our outside https to local http
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
try_files /nonexistent @$http_upgrade;
}
location @websocket {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host -myFQDN-;
proxy_set_header Referer https://-myFQDN-;
proxy_set_header Referrer https://-myFQDN-;
# proxy_pass http://localhost:25565;
proxy_pass http://to-websocket;
}
location @ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host -myFQDN-;
proxy_set_header Referer https://-myFQDN-;
proxy_set_header Referrer https://-myFQDN-;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:80;
}
}