0

我在尝试在 NGINX 反向代理后面运行我的 ASP.NET Core 3 应用程序时遇到问题。我正在关注本指南: https ://docs.microsoft.com/en-us/aspnet/core/host-and-deploy/linux-nginx?view=aspnetcore-3.1

我正在使用 Let's Encrypt 为我的 SSL 证书和代理传递到我本地网络中的另一台机器。我真的不知道如何解决这个问题。我已经尝试使用 SSL 保护反向代理和 Kestrel 服务器之间的连接,但这仍然不起作用。任何帮助将不胜感激。我的 NGINX Site.conf 文件如下:

upstream dotnet {
    zone dotnet 64k;
    server 192.168.3.222:5000;
}
server {
    server_name   MyDomain.net *.MyDomain.net;
    location / {
            proxy_pass         http://dotnet;
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            fastcgi_buffers 16 16k;
            fastcgi_buffer_size 32k;
            access_log      /var/log/nginx/MyDomain.access.log;
            error_log       /var/log/nginx/MyDomain.error.log;
    }
    location = /favicon.ico {
            log_not_found off;
    }

listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/mydomain.net/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/mydomain.net/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}
server {
if ($host = MyDomain.net) {
    return 301 https://$host$request_uri;
} # managed by Certbot


    listen        80;
    server_name   MyDomain.net;
return 404; # managed by Certbot


}

ASP.NET Core 应用程序运行在与 NGINX 反向代理(本地 IP:192.168.3.111)不同的机器(本地 IP:192.168.3.222)上。如果我在 ASP.NET Core 应用程序正在运行的机器上设置 NGINX 反向代理,并且代理传递到 127.0.0.1:5000,我可以通过本地网络毫无问题地访问它。我还配置了 Startup.cs 以接受我的反向代理:

public void ConfigureServices(IServiceCollection services)
{
// Configure Headers. Required by Nginx RProxy
        services.Configure<ForwardedHeadersOptions>(options =>
        {
            options.ForwardedHeaders =
                ForwardedHeaders.XForwardedFor | ForwardedHeaders.XForwardedProto;                
            options.KnownProxies.Add(IPAddress.Parse("192.168.3.111"));
            options.KnownNetworks.Add(new IPNetwork(IPAddress.Parse("192.168.3.0"),24));
}

public void Configure(IApplicationBuilder app, IWebHostEnvironment env, IServiceProvider serviceProvider)
{
// Forward Headers required by Nginx RProxy
        app.UseForwardedHeaders();
app.UseHttpsRedirection();
app.UseStaticFiles();
app.UseRouting();
}

如果我尝试访问 MyDomain.net,我会收到 502 Bad Gateway。所以反向代理无法连接到应用程序。文档中的示例在与 Kestrel 服务器相同的机器上使用反向代理。NGINX 错误日志如下:

连接到上游时失败(111:连接被拒绝),客户端:0.0.0.0.1,服务器:mydomain.net,请求:“GET / HTTP/1.1”,上游:“http://192.168.3.222:5000/$ ,主机:“mydomain.net”

带有 Kestrel 服务器的机器允许端口 5000 和 5001 的传入流量。

4

0 回答 0