bounty将在7天后过期。回答此问题可获得+50的声望奖励。Kirsten希望引起更多关注此问题。

我正尝试在运行Centos 9 Stream和Nginx的数字海洋快捷方式上运行测试WebApplication。该WebApplication是从Visual Studio模板创建的默认项目。它使用net8.0. Microsoft.AspNetCore.OpenApi 7.0.14和Swashbuckle.AspNetCore 6.5.0
我还通过LetsEncrypt安装了一个证书
在droplet上启动nginx之后，我还使用

DotNet WebApplication.dll

字符串
并看到它正在侦听端口5000
x1c 0d1x的数据
但是如果我尝试

curl -I https://example.com

型
我得到

HTTP/1.1 502 Bad Gateway
   Server: nginx/1.22.1

型
我看到WebApplication控制台输出了一条警告

Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
Failed to determine the https port for redirect

型
我在/etc/nginx/nginx.conf中有以下内容

# For more information on configuration, see:
#   * Official English Documentation: http://nginx.org/en/docs/
#   * Official Russian Documentation: http://nginx.org/ru/docs/

user nginx;
worker_processes auto;
error_log /var/log/nginx/error.log notice;
pid /run/nginx.pid;

# Load dynamic modules. See /usr/share/doc/nginx/README.dynamic.
include /usr/share/nginx/modules/*.conf;

events {
    worker_connections 1024;
}

http {
    log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
                      '$status $body_bytes_sent "$http_referer" '
                      '"$http_user_agent" "$http_x_forwarded_for"';

    access_log  /var/log/nginx/access.log  main;

    sendfile            on;
    tcp_nopush          on;
    keepalive_timeout   65;
    types_hash_max_size 4096;

    include             /etc/nginx/mime.types;
    default_type        application/octet-stream;

    # Load modular configuration files from the /etc/nginx/conf.d directory.
    # See http://nginx.org/en/docs/ngx_core_module.html#include
    # for more information.
    include /etc/nginx/conf.d/*.conf;

    server {
        server_name example.com;
        location / {
            proxy_pass         http://localhost:5000; # Your .NET app's URL
            proxy_http_version 1.1;
            proxy_set_header   Upgrade $http_upgrade;
            proxy_set_header   Connection keep-alive;
            proxy_set_header   Host $host;
            proxy_cache_bypass $http_upgrade;
            proxy_set_header   X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
        }

        root         /usr/share/nginx/html;

        # Load configuration files for the default server block.
        include /etc/nginx/default.d/*.conf;

        error_page 404 /404.html;
        location = /404.html {
        }

        error_page 500 502 503 504 /50x.html;
        location = /50x.html {
        }
    
    listen [::]:443 ssl ipv6only=on; # managed by Certbot
    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/examplecom/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}

# Settings for a TLS enabled server.
#
#    server {
#        listen       443 ssl http2;
#        listen       [::]:443 ssl http2;
#        server_name  _;
#        root         /usr/share/nginx/html;
#
#        ssl_certificate "/etc/pki/nginx/server.crt";
#        ssl_certificate_key "/etc/pki/nginx/private/server.key";
#        ssl_session_cache shared:SSL:1m;
#        ssl_session_timeout  10m;
#        ssl_ciphers PROFILE=SYSTEM;
#        ssl_prefer_server_ciphers on;
#
#        # Load configuration files for the default server block.
#        include /etc/nginx/default.d/*.conf;
#
#        error_page 404 /404.html;
#        location = /404.html {
#        }
#
#        error_page 500 502 503 504 /50x.html;
#        location = /50x.html {
#        }
#    }


    server {
    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

        listen       80;
        listen       [::]:80;
        server_name example.com;
    return 404; # managed by Certbot

}}

型
[更新]

cat /var/log/nginx/error.log

型
报告

Permission denied while connecting to upstream

型
[更新]
在看了this ticket之后，我尝试了
设置布尔值-P httpd_can_network_connect 1（可连接到网络1的HTTP请求）
然后重新开始。
现在当我跑的时候
. NET Web应用程序. dll
我得到警告

Microsoft.AspNetCore.HttpsPolicy.HttpsRedirectionMiddleware[3]
failed to deterimine the https port for redirect.
Microsoft.Hosting.Lifetime[0]
Application is shutting down.

型
但我仍然收到“502 Bad Gateway（网关错误）”错误

curl -I https://example.com

型
我在日志中不再看到“权限被拒绝”错误。它是（IPAddress已模糊处理）

2024/01/06 04:39:52 [notice] 1323#1323: signal 3 (SIGQUIT) received from 1, shutting down
2024/01/06 04:39:52 [notice] 1323#1323: signal 17 (SIGCHLD) received from 1324
2024/01/06 04:39:52 [notice] 1323#1323: worker process 1324 exited with code 0
2024/01/06 04:39:52 [notice] 1323#1323: exit
2024/01/06 04:43:25 [notice] 1339#1339: using the "epoll" event method
2024/01/06 04:43:25 [notice] 1339#1339: nginx/1.22.1
2024/01/06 04:43:25 [notice] 1339#1339: built by gcc 11.3.1 20221121 (Red Hat 11.3.1-4) (GCC) 
2024/01/06 04:43:25 [notice] 1339#1339: OS: Linux 5.14.0-391.el9.x86_64
2024/01/06 04:43:25 [notice] 1339#1339: getrlimit(RLIMIT_NOFILE): 1024:524288
2024/01/06 04:43:25 [notice] 1340#1340: start worker processes
2024/01/06 04:43:25 [notice] 1340#1340: start worker process 1341
2024/01/06 05:00:14 [error] 1341#1341: *5 connect() failed (111: Connection refused) while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "example.com"
2024/01/06 05:00:14 [warn] 1341#1341: *5 upstream server temporarily disabled while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://127.0.0.1:5000/", host: "example.com"
2024/01/06 05:00:14 [error] 1341#1341: *5 connect() failed (111: Connection refused) while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://[::1]:5000/", host: "example.com"
2024/01/06 05:00:14 [warn] 1341#1341: *5 upstream server temporarily disabled while connecting to upstream, client: MyIPAddress, server: example.com, request: "HEAD / HTTP/1.1", upstream: "http://[::1]:5000/", host: "example.com"

型
[更新]
我看到https在已发布的appsettings.json中没有提到（而在开发的launchsettings.json中却提到了）

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning"
    }
  },
  "AllowedHosts": "*"
}

型
[更新]从here我了解到
如果未指定端口，Kestrel将绑定到http：//localhost：5000。
下一步添加

"Kestrel": {
    "Endpoints": {
      "Https": {
        "Url": "https://localhost:5000"
      }
    }
  },

型
现在我明白
ASP.NET开发人员证书不受信任。请参阅this
此外，坏网关仍然没有解决。
[更新]
我已经通过使nginx.conf和appsettings.json都使用http：//localhost：5000解决了证书问题
我还能拿到502坏门
https://example.com/swagger/index.html提供
404 Error：抱歉，您所查找的页面不存在！
[更新]
我在droplet上启用了IPV6（注意到nginx.conf中的IPV6已打开）
现在

curl -I https://example.com

型
404找不到页面
此外，WebApplication控制台还会警告
Microsoft.AspNetCore.HttpsPolicy. HttpsRedirection中间件3无法确定用于重定向的https端口。
我可以看到使用

cat /var/log/nginx/error.log

型
的
SSL握手时，SSL_do_handshake（）失败（SSL：错误0A 00006 C：SSL例程：：密钥共享错误）
[更新]
在阅读了ozkanpakdil的评论之后，我修改了program.cs来删除app.UseHttpsRedirection（）;
现在

curl -I example.com

型
给

301 Moved Permanently

型
[更新]
我想知道status nginx输出中的禁用字。

的
如果我结束Web应用程序并在浏览器中转到example.com，则会看到一个错误页面

的
如果我启动Web应用程序并转到example.com，我会看到

Failed to load resource: the server responded with a status of 404.

型
在我的Visual Studio开发计算机上，该应用程序打开https：//localhost：7223/swagger/index.html
[更新]
为了在example.com上获得正确的解决方案，我需要将演示代码更改为使用swaggerui

的