1
miaomiao2014 OP |
2
HeyEvan 2023-08-03 22:52:24 +08:00
Why is the most important part, proxy_pass, commented out? There's no upstream either. If all else fails, open SSH and let me log in and take a look...
|
3
miaomiao2014 OP @0o0O0o0O0o @tylinux @HeyEvan
It opens now, but it just doesn't show https. What's the problem? https://s2.loli.net/2023/08/04/8j3fs1DOZqFyow5.png

upstream vaultwarden {
    server 127.0.0.1:13886;
}

server {
    listen 13886 ssl;
    server_name b.xxx.com;
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://vaultwarden;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_read_timeout 86400;
        proxy_redirect off;
    }
}

server {
    listen 80;
    # Enter the domain name bound to the certificate
    server_name b.xxx.com;
    # Redirect HTTP requests for the domain to HTTPS
    return 301 https://$host$request_uri;
    #return 301 https://www.xxx.com;
}
|
4
HeyEvan 2023-08-04 15:32:35 +08:00
The traffic isn't going through Nginx at all. Is your 443 already in use? If not, change listen:

server {
    # listen 13886 ssl;
    listen 443 ssl;
    ...
}

Otherwise, change return:

server {
    listen 80;
    server_name b.xxx.com;
    return 301 https://$host:13886$request_uri;
}
|
5
miaomiao2014 OP @HeyEvan trojan occupies 443; it's done with SNI-based routing. It just won't show https no matter what.

First config file, nginx.conf:

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /var/run/nginx.pid;

events {
    worker_connections 1024;
}

http {
    include /etc/nginx/mime.types;
    default_type application/octet-stream;
    log_format main '$remote_addr - $remote_user [$time_local] "$request" '
                    '$status $body_bytes_sent "$http_referer" '
                    '"$http_user_agent" "$http_x_forwarded_for"';
    access_log /var/log/nginx/access.log main;
    sendfile on;
    #tcp_nopush on;
    keepalive_timeout 65;
    #gzip on;
    include /etc/nginx/conf.d/*.conf;
}

stream {
    # SNI detection: map the domain name to a backend name; change this to your own top-level domain
    map $ssl_preread_server_name $backend_name {
        xxx.com web;
        t.xxx.com trojan;
        b.xxx.com vaultwarden;
        # Default when no domain matches
        default web;
    }

    # web: forwarding details
    upstream web {
        server 127.0.0.1:12000;
    }

    # trojan: forwarding details
    upstream trojan {
        server 127.0.0.1:13000;
    }

    # Vaultwarden: forwarding details
    upstream vaultwarden {
        server 127.0.0.1:14000;
    }

    # Listen on 443 and enable ssl_preread
    server {
        listen 443 reuseport;
        listen [::]:443 reuseport;
        proxy_pass $backend_name;
        ssl_preread on;
    }
}

Second config file, default.conf:

upstream web {
    server 127.0.0.1:12000;
}

server {
    listen 12000 ssl;
    # Enter the domain name bound to the certificate
    server_name xxx.com www.xxx.com;
    # Certificate file name
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    # Private key file name
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        # Website root path. This path is for reference only; use your actual directory.
        root /var/www/html/public;
        index index.php index.html index.htm;
    }
}

server {
    listen 80;
    # Enter the domain name bound to the certificate
    server_name xxx.com www.xxx.com;
    # Redirect HTTP requests for the domain to HTTPS
    return 301 https://$host$request_uri;
}

upstream vaultwarden {
    server 127.0.0.1:14000;
}

server {
    listen 14000 ssl;
    server_name b.xxx.com;
    ssl_certificate /etc/letsencrypt/live/xxx.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/xxx.com/privkey.pem;
    ssl_session_timeout 5m;
    ssl_ciphers ECDHE-RSA-AES128-GCM-SHA256:ECDHE:ECDH:AES:HIGH:!NULL:!aNULL:!MD5:!ADH:!RC4;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;

    location / {
        proxy_pass http://vaultwarden;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";
        proxy_http_version 1.1;
        proxy_read_timeout 86400;
        proxy_redirect off;
    }
}

server {
    listen 80 default_server;
    listen [::]:80 default_server;
    server_name _;
    return 301 https://$host$request_uri;
}
|
6
HeyEvan 2023-08-04 20:35:06 +08:00
### default.conf
upstream vaultwarden {
    # Vaultwarden listen address
    server 127.0.0.1:<????>;
}
|
7
miaomiao2014 OP |
8
HeyEvan 2023-08-04 21:29:13 +08:00
Then put 127.0.0.1:8086
|
9
miaomiao2014 OP @HeyEvan
Is this the only thing to change? Nothing else needs changing?
|
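The mismatch that replies 6 and 8 point at, where the `vaultwarden` upstream targets the port its own `server` block listens on rather than Vaultwarden's listen address, can be checked mechanically. The following is an added example, not part of the thread: the function names and the trimmed sample are constructed, and it only reads top-level `upstream` and `server` blocks of a conf.d-style file.

```python
import re

# Constructed sample: the Vaultwarden part of default.conf from reply 5, trimmed.
SAMPLE = """
upstream vaultwarden { server 127.0.0.1:14000; }
server {
    listen 14000 ssl;
    server_name b.xxx.com;
    location / { proxy_pass http://vaultwarden; }  # proxies to itself
}
"""

LOOPBACK = {"127.0.0.1", "localhost", "[::1]"}

def top_level_blocks(conf):
    """Yield (header, body) for each top-level `header { body }` block."""
    conf = re.sub(r"#[^\n]*", "", conf)  # strip comments (ignores quoted '#')
    depth, head_from, body_from, header = 0, 0, 0, ""
    for i, ch in enumerate(conf):
        if ch == "{":
            if depth == 0:
                header, body_from = conf[head_from:i].strip(), i + 1
            depth += 1
        elif ch == "}" and depth > 0:
            depth -= 1
            if depth == 0:
                yield header, conf[body_from:i]
                head_from = i + 1
        elif ch == ";" and depth == 0:
            head_from = i + 1

def find_proxy_loops(conf):
    """Return (upstream, address) pairs where a server block proxies to a
    loopback upstream address on a port that the same block listens on."""
    upstreams, findings = {}, []
    parsed = list(top_level_blocks(conf))
    for header, body in parsed:
        words = header.split()
        if len(words) == 2 and words[0] == "upstream":
            upstreams[words[1]] = re.findall(r"\bserver\s+([^\s;]+)", body)
    for header, body in parsed:
        if header != "server":
            continue
        ports = {a.rsplit(":", 1)[-1] for a in re.findall(r"\blisten\s+([^\s;]+)", body)}
        for name in re.findall(r"\bproxy_pass\s+https?://([^\s;/]+)", body):
            for addr in upstreams.get(name, []):
                host, _, port = addr.rpartition(":")
                if host in LOOPBACK and port in ports:
                    findings.append((name, addr))
    return findings

if __name__ == "__main__":
    for name, addr in find_proxy_loops(SAMPLE):
        print(f"upstream {name} -> {addr} is this server's own listen port")
```

With the upstream changed to 127.0.0.1:8086 as in reply 8, the same check returns no findings.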