V2EX = way to explore
V2EX 是一个关于分享和探索的地方
现在注册
已注册用户请  登录
miaomiao2014
V2EX  ›  程序员

密码管理器 vaultwarden 打不开,问题在哪里?

  •  
  •   miaomiao2014 · 2023-08-03 21:52:27 +08:00 · 606 次点击
    这是一个创建于 484 天前的主题,其中的信息可能已经有所发展或是发生改变。
    nginx.conf 配置文件写好了,但是 default.conf 配置文件有问题,请大家帮忙看看有什么问题,感谢!!!

    default.conf 配置文件:

    server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;

    # 把所有 HTTP 请求重定向到 HTTPS
    return 301 https://$host$request_uri;
    }

    server {
    listen 15000 ssl;
    listen [::]:15000 ssl;
    server_name xxx.com;

    # SSL 证书配置
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
    # 网站主页路径。此路径仅供参考,具体请按照实际目录操作。
    root /var/www/html/public;
    index index.php index.html index.htm;
    }
    }

    server {
    listen 23000 ssl;
    listen [::]:23000 ssl;
    server_name b.xxx.com;

    # SSL 证书配置
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    #ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;

    client_max_body_size 525M;

    location / {
    proxy_http_version 1.1;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Host $host;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header X-Forwarded-Proto $scheme;
    # proxy_pass http://vaultwarden-default;
    }
    }
    miaomiao2014
        1
    miaomiao2014  
    OP
       2023-08-03 21:57:50 +08:00
    HeyEvan
        2
    HeyEvan  
       2023-08-03 22:52:24 +08:00
    最重要的 proxy_pass 怎么还注释掉了,upstream 也没有。实在不行的话,开 SSH 让我上去看看。。。
    miaomiao2014
        3
    miaomiao2014  
    OP
       2023-08-04 13:07:23 +08:00
    @0o0O0o0O0o @tylinux @HeyEvan

    打开了,就是没显示 https,是什么问题?
    [url=https://smms.app/image/8j3fs1DOZqFyow5][img]https://s2.loli.net/2023/08/04/8j3fs1DOZqFyow5.png[/img][/url]
    https://s2.loli.net/2023/08/04/8j3fs1DOZqFyow5.png

    upstream vaultwarden {
    server 127.0.0.1:13886;
    }

    server {
    listen 13886 ssl;
    server_name b.xxx.com;

    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;

    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
    proxy_pass http://vaultwarden;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    proxy_read_timeout 86400;
    proxy_redirect off;
    }
    }

    server {
    listen 80 ;
    #填写绑定证书的域名
    server_name b.xxx.com;
    #把 http 的域名请求转成 https
    return 301 https://$host$request_uri;
    #return 301 https://www.xxx.com;
    }
    HeyEvan
        4
    HeyEvan  
       2023-08-04 15:32:35 +08:00
    流量都没经过 Nginx ,你的 443 被占用了吗?没有就改 listen

    server {
    # listen 13886 ssl;
    listen 443 ssl;
    ...
    }

    否则改 return

    server {
    listen 80 ;
    server_name b.xxx.com;
    return 301 https://$host:13886$request_uri;
    }
    miaomiao2014
        5
    miaomiao2014  
    OP
       2023-08-04 19:37:28 +08:00
    @HeyEvan trojan 占用了 443,利用 SNI 分流实现。就是死活不显示 https.

    第一个配置文件 nginx.conf

    user nginx;
    worker_processes auto;

    error_log /var/log/nginx/error.log notice;
    pid /var/run/nginx.pid;


    events {
    worker_connections 1024;
    }


    http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;

    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
    '$status $body_bytes_sent "$http_referer" '
    '"$http_user_agent" "$http_x_forwarded_for"';

    access_log /var/log/nginx/access.log main;

    sendfile on;
    #tcp_nopush on;

    keepalive_timeout 65;

    #gzip on;

    include /etc/nginx/conf.d/*.conf;
    }



    stream {
    # 这里就是 SNI 识别,将域名映射成一个配置名,请修改自己的一级域名
    map $ssl_preread_server_name $backend_name {
    xxx.com web;
    t.xxx.com trojan;
    b.xxx.com vaultwarden;
    # 域名都不匹配情况下的默认值
    default web;
    }
    # web ,配置转发详情
    upstream web {
    server 127.0.0.1:12000;
    }
    # trojan ,配置转发详情
    upstream trojan {
    server 127.0.0.1:13000;
    }

    # Vaultwarden ,配置转发详情
    upstream vaultwarden {
    server 127.0.0.1:14000;
    }

    # 监听 443 并开启 ssl_preread
    server {
    listen 443 reuseport;
    listen [::]:443 reuseport;
    proxy_pass $backend_name;
    ssl_preread on;
    }
    }




    第二个配置文件 default.conf

    upstream web {
    server 127.0.0.1:12000;
    }

    server {
    listen 12000 ssl;
    #填写绑定证书的域名
    server_name xxx.com www.xxx.com;
    #证书文件名称
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    #私钥文件名称
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    location / {
    #网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
    root /var/www/html/public;
    index index.php index.html index.htm;
    }
    }

    server {
    listen 80 ;
    #填写绑定证书的域名
    server_name xxx.com www.xxx.com;
    #把 http 的域名请求转成 https
    return 301 https://$host$request_uri;
    }



    upstream vaultwarden {
    server 127.0.0.1:14000;
    }

    server {
    listen 14000 ssl;
    server_name b.xxx.com;

    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;

    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
    proxy_pass http://vaultwarden;
    proxy_set_header X-Real-IP $remote_addr;
    proxy_set_header Host $host;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Upgrade $http_upgrade;
    proxy_set_header Connection "upgrade";
    proxy_http_version 1.1;
    proxy_read_timeout 86400;
    proxy_redirect off;
    }
    }

    server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
    }
    HeyEvan
        6
    HeyEvan  
       2023-08-04 20:35:06 +08:00
    ### default.conf

    upstream vaultwarden {
    # Vaultwarden 监听地址
    server 127.0.0.1:<????>;
    }
    miaomiao2014
        7
    miaomiao2014  
    OP
       2023-08-04 21:15:17 +08:00
    @HeyEvan 没懂,就是上面
    server 127.0.0.1:14000;

    打开 vaultwarden:ip:8086
    HeyEvan
        8
    HeyEvan  
       2023-08-04 21:29:13 +08:00
    那就填 127.0.0.1:8086
    miaomiao2014
        9
    miaomiao2014  
    OP
       2023-08-04 21:43:25 +08:00
    @HeyEvan
    只有这个改吗,其它不用改?
    关于   ·   帮助文档   ·   博客   ·   API   ·   FAQ   ·   实用小工具   ·   2693 人在线   最高记录 6679   ·     Select Language
    创意工作者们的社区
    World is powered by solitude
    VERSION: 3.9.8.5 · 28ms · UTC 05:26 · PVG 13:26 · LAX 21:26 · JFK 00:26
    Developed with CodeLauncher
    ♥ Do have faith in what you're doing.