為了防止中間人攻擊��,您可以使用SSL/TLS證書來加密客戶端和服務器之間的通信�����,并驗證服務器的身份��。以下是使用自簽名證書在Debian上配置Nginx以增強安全性的步驟:
- 安裝Nginx:
sudo apt update
sudo apt install nginx
- 生成自簽名SSL證書:
sudo mkdir -p /etc/nginx/ssl
sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/n8n.key -out /etc/nginx/ssl/n8n.crt
- 創建Nginx配置文件:
sudo nano /etc/nginx/sites-available/n8n.conf
在配置文件中添加以下內容��,替換<your public IP address>為您的公網IP地址:
server {
listen 80;
server_name <your public IP address>;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl;
server_name <your public IP address>;
ssl_certificate /etc/nginx/ssl/n8n.crt;
ssl_certificate_key /etc/nginx/ssl/n8n.key;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_prefer_server_ciphers on;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_session_timeout 1d;
ssl_session_cache shared:SSL:10m;
location / {
proxy_pass http://localhost:5678;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_cache_bypass $http_upgrade;
}
}
- 啟用配置并重啟服務:
sudo ln -s /etc/nginx/sites-available/n8n.conf /etc/nginx/sites-enabled/n8n.conf
sudo nginx -t
sudo systemctl restart nginx
