Nginx and Certbot won't forward to 443, only p

2019-06-10 04:01发布

问题:

I'm trying to deploy an aspnet core 2.2 site with the following setup but when entering url somesite.co.uk it forwards to port 5001 and not 443. Can anyone spot what I'm doing wrong?

When entering somesite.co.uk in a browser it redirects to https://somesite.co.uk:5001

C#-Program

public class Program
{
    public static void Main(string[] args)
    {
        CreateWebHostBuilder(args).Build().Run();
    }

    public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
        WebHost.CreateDefaultBuilder(args)
        .UseStartup<Startup>();
}

C# - appsettings.json

{
  "Kestrel": {
    "Endpoints": {
      "Http": {
        "Url": "http://0.0.0.0:5000"
      },
      "Https": {
        "Url": "https://0.0.0.0:5001"
      }
    }
  },
  "Logging": {
    "LogLevel": {
      "Default": "Warning"
    }
  },
  "AllowedHosts": "*"
}

Linux - /etc/systemd/system/kestrel-somesite.service

[Service]
WorkingDirectory=/usr/share/nginx/html
ExecStart=/usr/bin/dotnet /usr/share/nginx/html/somesite.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-coretest
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=ASPNETCORE_HTTPS_PORT=5001
Environment=ASPNETCORE_URLS=http://*:5000;https://*:5001

[Install]
WantedBy=multi-user.target

Linux - /etc/nginx/sites-available/first.conf

server {

    server_name somesite.co.uk;
    root /usr/share/nginx/html;

        location / {
            proxy_pass         http://localhost:5000;
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/somesite.co.uk/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/somesite.co.uk/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}server {
    if ($host = somesite.co.uk) {
        return 301 https://$server_name$request_uri;
    } # managed by Certbot


    listen 80 default_server;
    listen [::]:80 default_server ipv6only=on;

    server_name somesite.co.uk;
    return 404; # managed by Certbot

}

回答1:

But have you remembered to use app.UseForwaredHeaders in startup?

app.UseForwardedHeaders(new ForwardedHeadersOptions
{
   ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});

Usually you don't have to specify ports in the service file (the last two environment lines). I recommend going over the docs at linode for nginx too, they are helpful in addition to the official docs in microsoft's site.