问题
I'm trying to deploy an aspnet core 2.2 site with the following setup but when entering url somesite.co.uk
it forwards to port 5001 and not 443. Can anyone spot what I'm doing wrong?
When entering somesite.co.uk
in a browser it redirects to https://somesite.co.uk:5001
C#-Program
public class Program
{
public static void Main(string[] args)
{
CreateWebHostBuilder(args).Build().Run();
}
public static IWebHostBuilder CreateWebHostBuilder(string[] args) =>
WebHost.CreateDefaultBuilder(args)
.UseStartup<Startup>();
}
C# - appsettings.json
{
"Kestrel": {
"Endpoints": {
"Http": {
"Url": "http://0.0.0.0:5000"
},
"Https": {
"Url": "https://0.0.0.0:5001"
}
}
},
"Logging": {
"LogLevel": {
"Default": "Warning"
}
},
"AllowedHosts": "*"
}
Linux - /etc/systemd/system/kestrel-somesite.service
[Service]
WorkingDirectory=/usr/share/nginx/html
ExecStart=/usr/bin/dotnet /usr/share/nginx/html/somesite.dll
Restart=always
RestartSec=10
SyslogIdentifier=dotnet-coretest
User=root
Environment=ASPNETCORE_ENVIRONMENT=Production
Environment=DOTNET_PRINT_TELEMETRY_MESSAGE=false
Environment=ASPNETCORE_HTTPS_PORT=5001
Environment=ASPNETCORE_URLS=http://*:5000;https://*:5001
[Install]
WantedBy=multi-user.target
Linux - /etc/nginx/sites-available/first.conf
server {
server_name somesite.co.uk;
root /usr/share/nginx/html;
location / {
proxy_pass http://localhost:5000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection keep-alive;
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/somesite.co.uk/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/somesite.co.uk/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}server {
if ($host = somesite.co.uk) {
return 301 https://$server_name$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server ipv6only=on;
server_name somesite.co.uk;
return 404; # managed by Certbot
}
回答1:
But have you remembered to use app.UseForwaredHeaders in startup?
app.UseForwardedHeaders(new ForwardedHeadersOptions
{
ForwardedHeaders = ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto
});
Usually you don't have to specify ports in the service file (the last two environment lines). I recommend going over the docs at linode for nginx too, they are helpful in addition to the official docs in microsoft's site.
来源:https://stackoverflow.com/questions/55170709/nginx-and-certbot-wont-forward-to-443-only-port-5001-on-aspnet-core-and-kestre