Complete Tutorial: Nginx + Certbot + Stream Module

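First, install Nginx:

```bash
apt update
apt install nginx
```

Next, create the configuration files. Start with a stream configuration file for the L4 (TCP-level) proxy:

```bash
# Create the stream configuration directory
mkdir -p /etc/nginx/streams-enabled/
# Create the stream configuration file
nano /etc/nginx/streams-enabled/vpn.conf
```

With the following content: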
```nginx
# VPN stream configuration
stream {
    # Choose the upstream from the SNI in the TLS ClientHello (TLS is not terminated here)
    map $ssl_preread_server_name $backend {
        edu.xxx.com vpn_backend;
        default web_backend;
    }

    upstream vpn_backend {
        server 127.0.0.1:8443;
    }

    upstream web_backend {
        server 127.0.0.1:8080;
    }

    server {
        listen 443;
        ssl_preread on;
        proxy_pass $backend;
    }
}
```
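Then create the main HTTP configuration:

```bash
# Create the site configuration directory
mkdir -p /etc/nginx/sites-enabled/
# Create the configuration file
nano /etc/nginx/sites-enabled/websites.conf
```

With the following content: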
```nginx
# Redirect HTTP to HTTPS
server {
    listen 80;
    server_name xxx.com a.xxx.com;
    return 301 https://$host$request_uri;
}

# xxx.com configuration
# TLS is terminated here; the stream block on :443 forwards to this port.
server {
    listen 8080 ssl;
    server_name xxx.com;
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location / {
        return 200 "hello world";
    }

    location /ws {
        proxy_pass http://localhost:3001;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_set_header Host $host;
        # For connections arriving through the stream proxy on 443,
        # $remote_addr is the proxy's address (127.0.0.1), not the client's.
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location @backend {
        proxy_pass http://localhost:3001;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}

# a.xxx.com configuration
server {
    listen 8080 ssl;
    server_name a.xxx.com;
    ssl_certificate /etc/letsencrypt/live/a.xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/a.xxx.com/privkey.pem;
    ssl_protocols TLSv1.2 TLSv1.3;

    location /files/ {
        # Map /files/<path> to /.files/<path> on the upstream
        rewrite ^/files/(.*) /.files/$1 break;
        proxy_pass http://localhost:3002;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }

    location /api {
        proxy_pass http://localhost:3002;
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}
```
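Edit the main configuration file:

```bash
nano /etc/nginx/nginx.conf
```

Add at the top (in the main context, outside the `http` block, because `stream` is not valid inside `http`). If the stream module is loaded dynamically, the line must come after the `load_module` directive that loads it:

```nginx
include /etc/nginx/streams-enabled/*.conf;
```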
Obtain the SSL certificates:

```bash
# Install certbot
apt install certbot python3-certbot-nginx
# Obtain the certificates
certbot certonly --nginx -d a.xxx.com
certbot certonly --nginx -d xxx.com
```
Finally:

```bash
# Test the configuration
nginx -t
# If the test passes, restart Nginx
systemctl restart nginx
# Enable start on boot
systemctl enable nginx
```
Written by kimlopez
