密码管理器 vaultwarden 打不开,问题在哪里?

282 天前
 miaomiao2014
nginx.conf 配置文件写好了,但是 default.conf 配置文件有问题,请大家帮忙看看有什么问题,感谢!!!

default.conf 配置文件:

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;

# 把所有 HTTP 请求重定向到 HTTPS
return 301 https://$host$request_uri;
}

server {
listen 15000 ssl;
listen [::]:15000 ssl;
server_name xxx.com;

# SSL 证书配置
ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

location / {
# 网站主页路径。此路径仅供参考,具体请按照实际目录操作。
root /var/www/html/public;
index index.php index.html index.htm;
}
}

server {
listen 23000 ssl;
listen [::]:23000 ssl;
server_name b.xxx.com;

# SSL 证书配置
ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
#ssl_trusted_certificate /path/to/certificate/letsencrypt/live/vaultwarden.example.tld/fullchain.pem;

client_max_body_size 525M;

location / {
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
# proxy_pass http://vaultwarden-default;
}
}
493 次点击
所在节点    程序员
9 条回复
miaomiao2014
282 天前
@0o0O0o0O0o @tylinux @HeyEvan
HeyEvan
282 天前
最重要的 proxy_pass 怎么还注释掉了,upstream 也没有。实在不行的话,开 SSH 让我上去看看。。。
miaomiao2014
281 天前
@0o0O0o0O0o @tylinux @HeyEvan

打开了,就是没显示 https,是什么问题?
[url=https://smms.app/image/8j3fs1DOZqFyow5][img]https://s2.loli.net/2023/08/04/8j3fs1DOZqFyow5.png[/img][/url]
https://s2.loli.net/2023/08/04/8j3fs1DOZqFyow5.png

upstream vaultwarden {
server 127.0.0.1:13886;
}

server {
listen 13886 ssl;
server_name b.xxx.com;

ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;

ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

location / {
proxy_pass http://vaultwarden;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_read_timeout 86400;
proxy_redirect off;
}
}

server {
listen 80 ;
#填写绑定证书的域名
server_name b.xxx.com;
#把 http 的域名请求转成 https
return 301 https://$host$request_uri;
#return 301 https://www.xxx.com;
}
HeyEvan
281 天前
流量都没经过 Nginx ,你的 443 被占用了吗?没有就改 listen

server {
# listen 13886 ssl;
listen 443 ssl;
...
}

否则改 return

server {
listen 80 ;
server_name b.xxx.com;
return 301 https://$host:13886$request_uri;
}
miaomiao2014
281 天前
@HeyEvan trojan 占用了 443,利用 SNI 分流实现。就是死活不显示 https.

第一个配置文件 nginx.conf

user nginx;
worker_processes auto;

error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;


events {
worker_connections 1024;
}


http {
include /etc/nginx/mime.types;
default_type application/octet-stream;

log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';

access_log /var/log/nginx/access.log main;

sendfile on;
#tcp_nopush on;

keepalive_timeout 65;

#gzip on;

include /etc/nginx/conf.d/*.conf;
}



stream {
# 这里就是 SNI 识别,将域名映射成一个配置名,请修改自己的一级域名
map $ssl_preread_server_name $backend_name {
xxx.com web;
t.xxx.com trojan;
b.xxx.com vaultwarden;
# 域名都不匹配情况下的默认值
default web;
}
# web ,配置转发详情
upstream web {
server 127.0.0.1:12000;
}
# trojan ,配置转发详情
upstream trojan {
server 127.0.0.1:13000;
}

# Vaultwarden ,配置转发详情
upstream vaultwarden {
server 127.0.0.1:14000;
}

# 监听 443 并开启 ssl_preread
server {
listen 443 reuseport;
listen [::]:443 reuseport;
proxy_pass $backend_name;
ssl_preread on;
}
}




第二个配置文件 default.conf

upstream web {
server 127.0.0.1:12000;
}

server {
listen 12000 ssl;
#填写绑定证书的域名
server_name xxx.com www.xxx.com;
#证书文件名称
ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
#私钥文件名称
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
location / {
#网站主页路径。此路径仅供参考,具体请您按照实际目录操作。
root /var/www/html/public;
index index.php index.html index.htm;
}
}

server {
listen 80 ;
#填写绑定证书的域名
server_name xxx.com www.xxx.com;
#把 http 的域名请求转成 https
return 301 https://$host$request_uri;
}



upstream vaultwarden {
server 127.0.0.1:14000;
}

server {
listen 14000 ssl;
server_name b.xxx.com;

ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;

ssl_session_timeout 5m;
ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;

location / {
proxy_pass http://vaultwarden;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_http_version 1.1;
proxy_read_timeout 86400;
proxy_redirect off;
}
}

server {
listen 80 default_server;
listen [::]:80 default_server;
server_name _;
return 301 https://$host$request_uri;
}
HeyEvan
281 天前
### default.conf

upstream vaultwarden {
# Vaultwarden 监听地址
server 127.0.0.1:<????>;
}
miaomiao2014
281 天前
@HeyEvan 没懂,就是上面
server 127.0.0.1:14000;

打开 vaultwarden:ip:8086
HeyEvan
281 天前
那就填 127.0.0.1:8086
miaomiao2014
281 天前
@HeyEvan
只有这个改吗,其它不用改?

这是一个专为移动设备优化的页面(即为了让你能够在 Google 搜索结果里秒开这个页面),如果你希望参与 V2EX 社区的讨论,你可以继续到 V2EX 上打开本讨论主题的完整版本。

https://www.v2ex.com/t/962222

V2EX 是创意工作者们的社区,是一个分享自己正在做的有趣事物、交流想法,可以遇见新朋友甚至新机会的地方。

V2EX is a community of developers, designers and creative people.

© 2021 V2EX