Nginx反向代理并实现https访问

Nginx反向代理并实现https访问

Scroll Down

一、准备工作

  1. 一个正常访问的服务器
  2. 一个域名,并已解析到服务器的ip
  3. 一个链接服务器的ssl工具

二、使用 Nginx 进行反向代理

  1. 安装 Nginx
# 添加 Nginx 源
sudo rpm -Uvh http://nginx.org/packages/centos/7/noarch/RPMS/nginx-release-centos-7-0.el7.ngx.noarch.rpm

# 安装 Nginx
sudo yum install -y nginx

# 启动 Nginx
sudo systemctl start nginx.service

# 设置开机自启 Nginx
sudo systemctl enable nginx.service
  1. 配置 Nginx
# 下载 官方的 Nginx 配置模板(我这个是halo)
curl -o /etc/nginx/conf.d/halo.conf --create-dirs https://dl.halo.run/config/nginx.conf

下载完成之后,我们还需要对其进行修改

# 使用 vim 编辑 halo.conf
vim /etc/nginx/conf.d/halo.conf

打开之后我们可以看到

server {
    listen 80;

注: (***为自己的域名)

    server_name ***  www.***;  
    location / {
        proxy_set_header HOST $host;
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

        proxy_pass http://127.0.0.1:8090/;
    }
}
  1. 修改完成之后
# 检查配置是否有误
sudo nginx -t

# 重载 Nginx 配置
sudo nginx -s reload

三、配置SSL证书

1、更新软件包

sudo yum update -y

2、停止防火墙 (在CentOS7版本以上,默认开启防火墙,不关闭防火墙将无法申请证书)

systemctl stop firewalld && systemctl disable firewalld

3、关闭nginx服务(配置 certbot 的时候)

service nginx stop

4、# 安装 certbot 以及 certbot nginx 插件

sudo yum install certbot python2-certbot-nginx -y

5、执行配置,中途会询问你的邮箱,如实填写即可

sudo certbot --nginx

6、更新软件包

sudo certbot renew --dry-run

四、关于配置ssl证书时所出现的问题已经解决办法

1、防火墙没关闭导致错误

关闭防火墙

2、nginx服务没关闭导致错误

关闭nginx服务

3、配置 SSL 证书证书时,报错ImportError: cannot import name UnrewindableBodyError

问题描述

Traceback (most recent call last):
  File "/usr/bin/tower-cli", line 11, in <module>
    load_entry_point('ansible-tower-cli==3.3.0', 'console_scripts', 'tower-cli')()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 479, in load_entry_point
    return get_distribution(dist).load_entry_point(group, name)
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2703, in load_entry_point
    return ep.load()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2321, in load
    return self.resolve()
  File "/usr/lib/python2.7/site-packages/pkg_resources/__init__.py", line 2327, in resolve
    module = __import__(self.module_name, fromlist=['__name__'], level=0)
  File "/usr/lib/python2.7/site-packages/tower_cli/cli/run.py", line 17, in <module>
    from tower_cli.cli.base import TowerCLI
  File "/usr/lib/python2.7/site-packages/tower_cli/cli/base.py", line 25, in <module>
    from tower_cli.cli import misc
  File "/usr/lib/python2.7/site-packages/tower_cli/cli/misc.py", line 24, in <module>
    from requests.auth import HTTPBasicAuth
  File "/usr/lib/python2.7/site-packages/requests/__init__.py", line 43, in <module>
    import urllib3
  File "/usr/lib/python2.7/site-packages/urllib3/__init__.py", line 10, in <module>
    from .connectionpool import (
  File "/usr/lib/python2.7/site-packages/urllib3/connectionpool.py", line 31, in <module>
    from .connection import (
  File "/usr/lib/python2.7/site-packages/urllib3/connection.py", line 45, in <module>
    from .util.ssl_ import (
  File "/usr/lib/python2.7/site-packages/urllib3/util/__init__.py", line 4, in <module>
    from .request import make_headers
  File "/usr/lib/python2.7/site-packages/urllib3/util/request.py", line 5, in <module>
    from ..exceptions import UnrewindableBodyError
	ImportError: cannot import name UnrewindableBodyError

解决方案

似乎是请求的问题,而不是tower-cli,尝试按照以下步骤重新安装请求和urlib3来查看

# sudo yum remove python-urllib3
# sudo yum remove python-requests
通过执行命令,确认已删除所有上述库:

# pip freeze | grep requests
使用yum安装这些软件包:

# sudo yum install python-urllib3

# sudo yum install python-requests


注:自己在获取证书时遇到了非常多的问题,在这里没有一一列举,如需帮助,可以联系我帮忙解答!

五、获取证书成功