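The previous nginx+v2ray image was deleted. For a long time I used a one-click v2ray deployment, which is proxied by Caddy; HTTPS was enabled but no certificate was set up. I'm not familiar with Caddy, so I replaced it with nginx.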

Steps and problem log

Install certbot and nginx
yum install -y certbot python3-certbot-nginx nginx

Configure nginx
server {
    listen 80;
    server_name xxx.forsexxxxxx.top;

    location / {
        proxy_pass http://localhost:11684;
        proxy_set_header Host $host;
        proxy_http_version 1.1;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";  # Note this is lowercase, but Nginx can usually handle both "Upgrade" and "upgrade"
        proxy_cache_bypass $http_upgrade;
    }

}

Install the certificate
sudo certbot --nginx -d xxx.forsexxxxxx.top


After forwarding worked, the nginx log showed this error when a client connected:
2024/11/10 09:45:27 [crit] 2009#2009: *1 connect() to 127.0.0.1:11684 failed (13: Permission denied) while connecting to upstream, client: 117.176.187.67, server: v2.forseasioning.top, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:11684/", host: "v2.forseasioning.top"


13: Permission denied
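A permissions problem: SELinux had not enabled the permission for the httpd service to make network connections.
Run: setsebool -P httpd_can_network_connect 1
Problem solved; the command above takes effect permanently.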
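
The errno in the nginx log line is what separates this SELinux denial from a backend that is simply down. The script below is an added example, not part of the original post; it classifies failed upstream connects by errno, and its sample log lines, IP and host name are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Log lines are constructed
# (documentation IP 203.0.113.5, host proxy.example.test); port 11684 is the
# upstream port used in the nginx config above.
SAMPLE_LOG='2024/11/10 09:45:27 [crit] 2009#2009: *1 connect() to 127.0.0.1:11684 failed (13: Permission denied) while connecting to upstream, client: 203.0.113.5, server: proxy.example.test, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:11684/", host: "proxy.example.test"
2024/11/10 09:50:02 [error] 2009#2009: *7 connect() failed (111: Connection refused) while connecting to upstream, client: 203.0.113.5, server: proxy.example.test, request: "GET / HTTP/1.1", upstream: "http://127.0.0.1:11684/", host: "proxy.example.test"
2024/11/10 09:51:40 [notice] 2009#2009: signal process started'

# Read nginx error-log lines on stdin; for every failed upstream connect print
# "<errno> <upstream host:port> <diagnosis>". All other lines are ignored.
classify_upstream_errors() {
    sed -n 's|.*connect() .*failed (\([0-9]*\): [^)]*) while connecting to upstream.*upstream: "[a-z]*://\([^/"]*\).*|\1 \2|p' |
    while read -r errno upstream; do
        case "$errno" in
            # 13 = EACCES: the connect() call itself was refused on this host.
            # On the page this was SELinux; check the boolean with
            #   getsebool httpd_can_network_connect
            13)  echo "$errno $upstream denied-by-local-policy" ;;
            # 111 = ECONNREFUSED: nothing is listening on the upstream port,
            # so changing SELinux booleans will not help.
            111) echo "$errno $upstream backend-not-listening" ;;
            *)   echo "$errno $upstream other" ;;
        esac
    done
}

# Stand-alone demo on the constructed sample.
printf '%s\n' "$SAMPLE_LOG" | classify_upstream_errors
```

On a real host, feed it the nginx error log instead of the sample, for example `classify_upstream_errors < /var/log/nginx/error.log` (the default path on most packages; adjust if yours differs).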

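The connection test succeeded, and it feels a bit more reassuring to use. Before, I had to turn on allowInsecure in the client for it to work; it looked like it was using SSL, but it felt about the same as running unprotected.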
