現在のNGINX設定のためにindex.htmlにアクセスしようとすると、httpsにリダイレクトされる無限ループが発生します。誰も正しい方法を持っていますか?
目的は、ポート 443 でインバウンド要求を転送して、同じポートでローカル ホストの WS 接続への WSS 接続を開始することです。さらに、ポート443のWebファイルに対する要求は、localhostポート80に転送されます。
これはリダイレクトconfです(/etc/nginx/conf.d/myFQDN.confにあります)。
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
upstream to-websocket {
server localhost:25565;
}
server_tokens off;
# SSL requirements. We use Certbot and LetsEncrypt
#ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by Certbot
#ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed by Certbot
#include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
#ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
#ssl_session_cache shared:SSL:1m;
#ssl_session_timeout 5m;
#ssl_ciphers HIGH:!aNULL:!MD5;
#ssl_prefer_server_ciphers on;
server {
# first redirect to https
if ($scheme = "http") {
return 301 https://$host$request_uri;
}
# Now webserver
# Port 80 shouldn't be accesed from outside
listen 80 default_server;
listen [::]:80 default_server;
server_name -myFQDN- www.-myFQDN-;
return 404; # managed by Certbot
root /var/www/html;
}
server {
root /var/www/html;
index index.html index.htm;
server_name -myFQDN-;
# Proxy our outside https to local http
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/-myFQDN-/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/-myFQDN-/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
location / {
try_files /nonexistent @$http_upgrade;
}
location @websocket {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection $connection_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host -myFQDN-;
proxy_set_header Referer https://-myFQDN-;
proxy_set_header Referrer https://-myFQDN-;
# proxy_pass http://localhost:25565;
proxy_pass http://to-websocket;
}
location @ {
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host -myFQDN-;
proxy_set_header Referer https://-myFQDN-;
proxy_set_header Referrer https://-myFQDN-;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://localhost:80;
}
}