Node.js: how do I use a Caddy 2 reverse proxy + TLS certificate?

j91ykkif, posted 2022-12-03 in Node.js

This is my first time deploying Node.js from localhost to a live server. I am using aaPanel for my live server.
Here is the relevant code in my Node server.js file:

    const express = require('express'); // assumed: the snippet uses an Express `app`
    const app = express();

    const hostname = 'localhost';
    // const hostname = 'www.thespacebar.io';
    // set port, listen for requests
    const PORT = process.env.PORT || 8080;
    app.listen(PORT, hostname, () => {
      console.log(`Server is running on port ${PORT}.`);
    });

Here are my pm2 settings:

I am unable to open my Node.js app with GET https://www.thespacebar.io:8080, but it works for GET http://www.thespacebar.io:8080.
GET https://www.thespacebar.io:8080 does not work, with this error:

    This site can't provide a secure connection
    ERR_SSL_PROTOCOL_ERROR

Anyone know what I did wrong?

EDIT: I have installed Caddy and set up the Caddyfile in /etc/caddy like this:

    # The Caddyfile is an easy way to configure your Caddy web server.
    #
    # Unless the file starts with a global options block, the first
    # uncommented line is always the address of your site.
    #
    # To use your own domain name (with automatic HTTPS), first make
    # sure your domain's A/AAAA DNS records are properly pointed to
    # this machine's public IP, then replace ":80" below with your
    # domain name.

    import ./thespacebar.io

    :80 {
        # Set this path to your site's directory.
        root * /usr/share/caddy

        # Enable the static file server.
        file_server

        # Another common task is to set up a reverse proxy:
        # reverse_proxy localhost:8080

        # Or serve a PHP site through php-fpm:
        # php_fastcgi localhost:9000
    }

    # Refer to the Caddy docs for more information:
    # https://caddyserver.com/docs/caddyfile

and created the adjacent file thespacebar.io:

    thespacebar.io {
        reverse_proxy localhost:8080
    }

but when I visit https://thespacebar.io/, I end up at index.html instead of the JSON { message: "Welcome to bezkoder application." }, and POST http://www.thespacebar.io/api/verification/callback with body param verify_token: abcde is supposed to show the JSON:

    {
        "message": "Callback called successfully."
    }

instead of 404 Not Found.

EDIT 2: I have removed this portion:

    # :80 {
    #     # Set this path to your site's directory.
    #     root * /usr/share/caddy
    #     # Enable the static file server.
    #     file_server
    #     # Another common task is to set up a reverse proxy:
    #     reverse_proxy localhost:8080
    #     # Or serve a PHP site through php-fpm:
    #     php_fastcgi localhost:9000
    # }
    # Refer to the Caddy docs for more information:
    # https://caddyserver.com/docs/caddyfile

from /etc/caddy/Caddyfile, but when I run caddy run Caddyfile and caddy reload Caddyfile, I get this error:

    [root@vultrguest caddy]# caddy run Caddyfile
    2022/12/02 08:11:44.132 INFO using adjacent Caddyfile
    2022/12/02 08:11:44.132 WARN Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies {"adapter": "caddyfile", "file": "Caddyfile", "line": 12}
    2022/12/02 08:11:44.133 INFO admin admin endpoint started {"address": "localhost:2019", "enforce_origin": false, "origins": ["//localhost:2019", "//[::1]:2019", "//127.0.0.1:2019"]}
    2022/12/02 08:11:44.133 INFO http server is listening only on the HTTPS port but has no TLS connection policies; adding one to enable TLS {"server_name": "srv0", "https_port": 443}
    2022/12/02 08:11:44.133 INFO http enabling automatic HTTP->HTTPS redirects {"server_name": "srv0"}
    2022/12/02 08:11:44.133 INFO tls.cache.maintenance started background certificate maintenance {"cache": "0xc000151030"}
    2022/12/02 08:11:44.133 INFO tls.cache.maintenance stopped background certificate maintenance {"cache": "0xc000151030"}
    Error: loading initial config: loading new config: http app module: start: listening on :80: listen tcp :80: bind: address already in use
    [root@vultrguest caddy]# caddy reload Caddyfile
    2022/12/02 08:11:49.875 INFO using adjacent Caddyfile
    2022/12/02 08:11:49.876 WARN Caddyfile input is not formatted; run the 'caddy fmt' command to fix inconsistencies {"adapter": "caddyfile", "file": "Caddyfile", "line": 12}
    Error: sending configuration to instance: performing request: Post "http://localhost:2019/load": dial tcp [::1]:2019: connect: connection refused
    [root@vultrguest caddy]#

If I run GET http://www.thespacebar.io:8080 I get:

    Web server is down Error code 521
    Visit cloudflare.com for more information.
    2022-12-02 08:22:13 UTC
Answer 1, by ig9co6j1:

Caddy is easy to set up as a reverse proxy, and it easily handles Let's Encrypt SSL certificates for you:

    {
        email example@email.com
    }

    thespacebar.io {
        reverse_proxy localhost:8080
    }

I see you posted an update - one thing I would remove is

    :80 {
        .....
    }

If you read the text you posted, it does say to replace :80 with your domain (but don't add :80, or Caddy won't get a certificate for that domain).
I also see you don't have a global section with an email address set - I'm fairly sure that's needed for letsencrypt to work (don't quote me on that) - at least that's how it was when I first started using Caddy.

Answer 2, by 6rqinv9w:

Here is some pseudocode for a generic Caddy v2 Caddyfile.

This code adds basic security headers and CORS to the response.
It proxies through to a process on localhost port 9883.
If you have a DNS record for your server, it will set up the letsencrypt certificates for you and renew them when needed.
See helper snippets: https://caddyserver.com/docs/caddyfile/concepts#snippets

    # begin common code block snippet to be imported into the server block,
    # for example here we set common security headers
    (common) {
        header /* {
            -Server
            -X-Powered-By
            +X-Permitted-Cross-Domain-Policies none
            +X-Frame-Options DENY
            +X-Content-Type-Options nosniff
            # HSTS directives are separated by ";" (RFC 6797); a space-separated
            # value is malformed and browsers ignore the whole header
            +Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
            +Referrer-Policy no-referrer
        }
    }

    # cors snippet
    (cors) {
        @cors_preflight method OPTIONS
        # "{args.0}" is an input value used when calling the snippet
        @cors header Origin "{args.0}"
        # note: @cors is defined but only @cors_preflight is handled below, so
        # non-preflight responses carry no Access-Control-Allow-Origin header
        handle @cors_preflight {
            header Access-Control-Allow-Origin "{args.0}"
            header Access-Control-Allow-Methods "GET, POST, PUT, PATCH, DELETE"
            header Access-Control-Allow-Headers "Content-Type"
            header Access-Control-Max-Age "3600"
            respond "" 204
        }
    }

    # main server block
    # dns record for server is myserver.edu
    myserver.edu {
        # import common sec headers snippet
        import common

        # import cors snippet passing server name parameter, wildcard cors poor sec
        import cors myserver.edu

        # proxy redirect see handle_path directive
        # https://caddyserver.com/docs/caddyfile/directives/handle_path
        handle_path /somepath/* {
            reverse_proxy localhost:9883 {
                header_up X-Real-IP {remote_host}
                # caddy will add X-Forwarded-For for you so you don't need this one
                #header_up X-Forwarded-For {remote_host}
                header_down Content-Security-Policy "media-src blob:"
            }
        }
    }
