Redirect nginx通配符子域ssl重写
具有通配符dns子域记录。使用仅域验证SSL证书。 需要以这种方式设置nginx重写规则:Redirect nginx通配符子域ssl重写,redirect,nginx,ssl-certificate,wildcard-subdomain,Redirect,Nginx,Ssl Certificate,Wildcard Subdomain,具有通配符dns子域记录。使用仅域验证SSL证书。 需要以这种方式设置nginx重写规则: http://site.com => https://site.com http://*.site.com => http://*.site.com 我猜是这样的 server { listen 80; server_name site.com *.site.com; if ($host ~* "^([^.]+(\.[^.]+)*)\.site.com$"){
http://site.com => https://site.com
http://*.site.com => http://*.site.com
server {
listen 80;
server_name site.com *.site.com;
if ($host ~* "^([^.]+(\.[^.]+)*)\.site.com$"){
set $subd $1;
rewrite ^(.*)$ http://$subd.site.com$1 permanent;
break;
}
if ($host ~* "^site.com$"){
rewrite ^(.*)$ https://site.com$1 permanent;
break;
}
#rewrite ^ https://$server_name$request_uri? permanent;
charset utf-8;
}
server {
listen 443;
server_name site.com;
ssl On;
ssl_certificate /root/site.com.crt;
ssl_certificate_key /root/site.com.key;
location ~ \.php$ {
fastcgi_pass 127.0.0.1:8888;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME /var/www/site$fastcgi_script_name;
fastcgi_param QUERY_STRING $args;
include fastcgi_params;
}
location / {
root /var/www/site;
index index.php index.html;
if ($host !~ ^(site.com)$ ) {
return 444;
}
try_files $uri $uri/ /index.php?$args;
}
}
它无限循环。正确的方法是什么?您应该将服务器块重写为两部分。 第一部分仅适用于域“site.com”,然后重定向到https 第二部分,对于所有其他域,“*.site.com” 因此,您的nginx.conf将是: server { listen 80; server_name site.com; rewrite ^(.*)$ https://site.com$1 permanent; } server { listen 80; server_name *.site.com; charset utf-8; # etc ... } server { listen 443; server_name site.com; ssl On; ssl_certificate /root/site.com.crt; ssl_certificate_key /root/site.com.key; location ~ \.php$ { fastcgi_pass 127.0.0.1:8888; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/site$fastcgi_script_name; fastcgi_param QUERY_STRING $args; include fastcgi_params; } location / { root /var/www/site; index index.php index.html; if ($host !~ ^(site.com)$ ) { return 444; } try_files $uri $uri/ /index.php?$args; } } 服务器{ 听80; server_name site.com; 重写^(.*)$https://site.com1美元永久性; } 服务器{ 听80; 服务器名称*.site.com; 字符集utf-8; #等等。。。 } 服务器{ 听443; server_name site.com; ssl-On; ssl_证书/root/site.com.crt; ssl\u证书\u密钥/root/site.com.key; 位置~\.php${ fastcgi_pass 127.0.0.1:8888; fastcgi_index.php; fastcgi_参数脚本_文件名/var/www/site$fastcgi_脚本_名称; fastcgi_参数查询_字符串$args; 包括fastcgi_参数; } 地点/{ root/var/www/site; index.php index.html; 如果($host!~^(site.com)$){ 返回444; } try_files$uri$uri//index.php?$args; } }
nginx:[警告]0.0.0:80上的冲突服务器名称“site.com”忽略我假设您忘记从第二个服务器块的服务器名称中删除site.com…nginx:[警告]0.0.0:80上的冲突服务器名称“*.site.com”,因此它们在同一端口上冲突您完全错了,您应该仔细阅读常用文档,并找出particle中基于名称的服务器配置示例。搀杂 server { listen 80; server_name site.com; rewrite ^(.*)$ https://site.com$1 permanent; } server { listen 80; server_name *.site.com; charset utf-8; # etc ... } server { listen 443; server_name site.com; ssl On; ssl_certificate /root/site.com.crt; ssl_certificate_key /root/site.com.key; location ~ \.php$ { fastcgi_pass 127.0.0.1:8888; fastcgi_index index.php; fastcgi_param SCRIPT_FILENAME /var/www/site$fastcgi_script_name; fastcgi_param QUERY_STRING $args; include fastcgi_params; } location / { root /var/www/site; index index.php index.html; if ($host !~ ^(site.com)$ ) { return 444; } try_files $uri $uri/ /index.php?$args; } }