@lexfoxrush 卧槽,老哥我解决了!!我放弃了 Caddy ,让 deepseek 帮我写了一个 nginx 的反代,直接一步成功,现在自签名证书走 https 稳稳的,太爽了😁。。还是老玩意儿比新东西成熟靠谱啊。
-----
在这做下笔记,给后人指个路:
- 自签名证书生成 (假设服务器 IP 以 192.168.1.1 为例):
```
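# Generate a self-signed certificate and private key for the server IP
# (192.168.1.1 is the example address used throughout this note).
#
# Run this inside the directory nginx reads from (/home/admin/docker/cert/ in
# the config below): the output names match the ssl_certificate and
# ssl_certificate_key paths used there, so no renaming step is needed.
#
# -addext requires OpenSSL 1.1.1 or later. The subjectAltName entry is what
#  clients verify for an IP address; the CN alone is not enough.
# -nodes writes the private key unencrypted so nginx can start unattended,
#  which is why the key is restricted to its owner right after creation.
# -days 3650 gives a ten-year certificate; since it is self-signed, clients
#  should import 192.168.1.1.crt as trusted rather than turn verification off.
openssl req -x509 -newkey rsa:4096 -sha256 -keyout 192.168.1.1.key -out 192.168.1.1.crt -days 3650 -subj "/CN=192.168.1.1" -addext "subjectAltName=IP:192.168.1.1" -nodes
chmod 600 192.168.1.1.key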
```
- nginx 反代配置:
```
# Reverse proxy for Headscale-UI: TLS on 3001 -> plain HTTP on 3000
server {
    listen 3001 ssl;
    server_name 192.168.1.1;  # replace with your server IP or domain name

    # Only TLS 1.2 and 1.3 are offered; anonymous and MD5-based suites are excluded.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    # Self-signed certificate and key. The file names must match what the
    # openssl step actually wrote; the key is unencrypted, so keep it owner-only.
    ssl_certificate_key /home/admin/docker/cert/192.168.1.1.key;
    ssl_certificate /home/admin/docker/cert/192.168.1.1.crt;

    location / {
        # Pass the original request details to the backend.
        # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
        # sent, so only the last entry is vouched for by this proxy.
        proxy_set_header X-Forwarded-Proto $scheme;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header Host $host;

        # Forward to Headscale-UI over plain HTTP on the loopback interface.
        # NOTE(review): this is an admin UI; if port 3000 is also published on
        # other interfaces it stays reachable without TLS. Confirm it is bound
        # to 127.0.0.1 or firewalled.
        proxy_pass http://localhost:3000;
    }
}
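# Reverse proxy for Headscale: TLS on 8081 -> plain HTTP on 8080
server {
    listen 8081 ssl;
    server_name 192.168.1.1;  # replace with your server IP or domain name

    # Self-signed certificate and key. The file names must match what the
    # openssl step actually wrote; the key is unencrypted, so keep it owner-only.
    ssl_certificate /home/admin/docker/cert/192.168.1.1.crt;
    ssl_certificate_key /home/admin/docker/cert/192.168.1.1.key;

    # Only TLS 1.2 and 1.3 are offered; anonymous and MD5-based suites are excluded.
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;

    location / {
        # Forward to Headscale over plain HTTP on the loopback interface.
        # NOTE(review): if port 8080 is also published on other interfaces the
        # control server stays reachable without TLS. Confirm it is bound to
        # 127.0.0.1 or firewalled.
        proxy_pass http://localhost:8080;

        # nginx does not forward the hop-by-hop Upgrade/Connection headers by
        # default. Headscale's reverse-proxy guidance asks for WebSocket/Upgrade
        # pass-through for Tailscale clients, so pass them on explicitly.
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection "upgrade";

        # Pass the original request details to the backend.
        # $proxy_add_x_forwarded_for appends to any X-Forwarded-For the client
        # sent, so only the last entry is vouched for by this proxy.
        proxy_set_header Host $host;
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-Forwarded-Proto $scheme;
    }
}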
```
Nginx 启动!!😁
-END-