腾讯云部署服务问题汇总

server {
    listen 443 ssl http2;
    server_name www.xxx.com xxx.com;
    root /var/www/mywebsite-app/public;

    add_header X-Frame-Options "SAMEORIGIN";
    add_header X-XSS-Protection "1; mode=block";
    add_header X-Content-Type-Options "nosniff";

    ssl_certificate /etc/nginx/conf.d/ssl/xxx.com_bundle.crt;
    ssl_certificate_key /etc/nginx/conf.d/ssl/xxx.com.key;

    ssl_session_timeout 5m;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:HIGH:!aNULL:!MD5:!RC4:!DHE;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://127.0.0.1:8081;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header Upgrade-Insecure-Requests 1;
        proxy_set_header X-Forwarded-Proto https;
        add_header Content-Security-Policy upgrade-insecure-requests;
    }

    #location ~ .*\.(js|css|jpg|gif|png|bmp|jpeg|svg)$ {
    #    #     proxy_pass http://127.0.0.1:8081;
    #        # }
    #        }
}

做了转发的话jss css 是无法加载的 需要设置

 proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Host $host;
        proxy_set_header Upgrade-Insecure-Requests 1;
        proxy_set_header X-Forwarded-Proto https;

文章

但是返回的内容是http的 css js是无法加载的 会被浏览器屏蔽

 add_header Content-Security-Policy upgrade-insecure-requests;

443是否放行

腾讯云 放行后依然无法访问443
原因是防火墙没启动
1

# 华为云排查防火墙是否开放端口，yes 为已开放，no 为未开放
[root@121]# firewall-cmd --query-port=80/tcp
yes
# 此处排查出防火墙未开放 443 端口
[root@121]# firewall-cmd --query-port=443/tcp
no
# 防火墙新增开放端口 443，返回 success 为新增成功
[root@121]# firewall-cmd --zone=public --add-port=443/tcp --permanent
success
# 防火墙操作完成后需要重新 reload，返回 success 为reload成功
[root@121]# firewall-cmd --reload
success
# 再次查询 443 端口是否已开放，返回 yes 端口已开放
[root@121]# firewall-cmd --query-port=443/tcp
yes

rewrite ^(.*) https://xxx.com$1 permanent;