如何将此Apache VHost迁移到nginx
我比较新,想在nginx上测试一个服务,但我很难将这个Apache配置转换为nginx如何将此Apache VHost迁移到nginx,nginx,hosting,microservices,Nginx,Hosting,Microservices,我比较新,想在nginx上测试一个服务,但我很难将这个Apache配置转换为nginx <VirtualHost *:80> ServerName api.my-site.de DocumentRoot /var/www/api.my-site.de/current/public <Directory "/var/www/api.my-site.de/current/public"> AllowOverride FileInfo AuthCo
<VirtualHost *:80>
ServerName api.my-site.de
DocumentRoot /var/www/api.my-site.de/current/public
<Directory "/var/www/api.my-site.de/current/public">
AllowOverride FileInfo AuthConfig Limit Options=All,MultiViews Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Order deny,allow
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerName api.my-site.de
DocumentRoot /var/www/api.my-site.de/current/public
<Directory "/var/www/api.my-site.de/current/public">
AllowOverride FileInfo AuthConfig Limit Options=All,MultiViews Indexes
Options MultiViews Indexes SymLinksIfOwnerMatch IncludesNoExec
Order deny,allow
</Directory>
SSLEngine on
SSLCertificateFile /etc/ssl/private/wildcard.my-site.de.crt
SSLCertificateKeyFile /etc/ssl/private/wildcard.my-site.de.key
SSLCertificateChainFile /etc/ssl/private/chain.crt
</VirtualHost>
首先,我喜欢在服务器块中分离不同的配置(即使现在是一样的,当你2年后回来需要阅读这篇文章时,你会爱上你自己) ssl证书: Nginx仅读取1个crt文件,在ssl_证书下,此处您需要将链和crt连接到同一文件中,更多信息: 所以我要做的是: 将证书复制到其他地方,以确保安全,并且不接触任何东西
sudo cp /etc/ssl/private/wildcard.my-site.de.crt /etc/ssl/private/api-mysite-de.pem
并将您的链连接到“证书”中
然后,您可以将ssl\U证书设置到此文件,以便nginx工作
server {
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;
server_name api.my-site.de
ssl_on;
ssl_certificate /etc/ssl/private/api-mysite-de.pem;
ssl_certificate_key /etc/ssl/private/wildcard.my-site.de.key;
access_log /var/log/nginx/ssl-api.my-site.de.access.log;
error_log /var/log/nginx/ssl-api.my-site.de.cat.error.log;
location / {
root /var/www/api.my-site.de/current/public;
}
}
这里是http端口80配置
将.htaccess文件放在/var/www/api.my-site.de/current/public中,它应该可以正常工作
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name api.my-site.de
access_log /var/log/nginx/api.my-site.de.access.log;
error_log /var/log/nginx/api.my-site.de.cat.error.log;
#logs are love, logs are life
location / {
root /var/www/api.my-site.de/current/public;
}
}
如果您需要任何进一步的配置,或者它在日志中显示任何错误(我在那里配置了它们),请推荐,我将尝试处理它
希望我能帮上忙。您可以将.htaccess文件放在/var/www/api.my-site.de/current/public目录中,并在那里处理任何需要的重写或其他操作。(如果这是你正在经历的困难时期)。此外,将链和crt放入一个文件中,以便于ssl管理。如果您有任何问题或希望我编写服务器块,请告诉我。@flaixmani我添加了我的服务器配置版本,这看起来正确吗?我找不到SSLCertificateChainFile的选项。我省略了这个目录部分。在nginx中没有SSLCertificateChainFile,您需要做的是将crt和链放在同一个文件中,并使用ssl\u证书引用该文件。现在您已经有了一个草稿,我将尝试创建一个服务器块来工作(同时提供有关ssl证书的说明)。
server {
listen 443 ssl;
listen [::]:443 ipv6only=on ssl;
server_name api.my-site.de
ssl_on;
ssl_certificate /etc/ssl/private/api-mysite-de.pem;
ssl_certificate_key /etc/ssl/private/wildcard.my-site.de.key;
access_log /var/log/nginx/ssl-api.my-site.de.access.log;
error_log /var/log/nginx/ssl-api.my-site.de.cat.error.log;
location / {
root /var/www/api.my-site.de/current/public;
}
}
server {
listen 80;
listen [::]:80 ipv6only=on;
server_name api.my-site.de
access_log /var/log/nginx/api.my-site.de.access.log;
error_log /var/log/nginx/api.my-site.de.cat.error.log;
#logs are love, logs are life
location / {
root /var/www/api.my-site.de/current/public;
}
}