Warning: file_get_contents(/data/phpspider/zhask/data//catemap/7/rust/4.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
Nginx使用SSL为错误的根提供服务_Ssl_Nginx - Fatal编程技术网
Fatal编程技术网
  • ssl/
  • Nginx使用SSL为错误的根提供服务

Nginx使用SSL为错误的根提供服务

ssl nginx

Nginx使用SSL为错误的根提供服务,ssl,nginx,Ssl,Nginx,我有两个nginx vhost,除了域和SSL/根位置之外,它们是相同的。它们看起来像这样: /etc/nginx/sites available/domain1.co.uk server { listen 80; server_name domain1.co.uk; rewrite ^/(.*) https://domain1.co.uk/$1 permanent; } server { listen 80; listen

我有两个nginx vhost,除了域和SSL/根位置之外,它们是相同的。它们看起来像这样:

/etc/nginx/sites available/domain1.co.uk

server {
    listen 80;
    server_name domain1.co.uk;
    rewrite ^/(.*) https://domain1.co.uk/$1 permanent;
}

server {
    listen               80;
    listen               443 ssl;
    server_name          www.domain1.co.uk;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;    
    return 301 $scheme://domain1.co.uk$request_uri;
}

server {
    listen 443 ssl;

    server_name domain1.co.uk;

    root        /var/www/domain1.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
    index index.php;
    try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }

        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }

}
/etc/nginx/sites available/domain2.co.uk

server {
    listen 80;
    server_name domain2.co.uk;
    rewrite ^/(.*) https://domain2.co.uk/$1 permanent;
}

server {
    listen               80;
    listen               443 ssl;
    server_name          www.domain2.co.uk;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;    
    return 301 $scheme://domain2.co.uk$request_uri;
}

server {
    listen 443 ssl;

    server_name domain2.co.uk;

    root        /var/www/domain2.co.uk/public_html;
    ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
    ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';

    location / {
        try_files $uri @prerender;
    }

    location /blog/ {
    index index.php;
    try_files $uri $uri/ /blog/index.php?$args;
    }

    # pass the PHP scripts to FastCGI server listening on the php-fpm socket
    location ~ \.php$ {
            try_files $uri =404;
            fastcgi_pass unix:/var/run/php5-fpm.sock;
            fastcgi_index index.php;
            fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
            include fastcgi_params;

    }

    location ~ ^/api {
        try_files $request_uri $request_uri/ /api/index.php?$query_string;
    }

    location @prerender {
        proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
        proxy_http_version 1.1;
        proxy_set_header Upgrade $http_upgrade;
        proxy_set_header Connection 'upgrade';
        proxy_set_header Host $host;
        proxy_cache_bypass $http_upgrade;

        set $prerender 0;
        if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
            set $prerender 1;
        }
        if ($args ~ "_escaped_fragment_|prerender=1") {
            set $prerender 1;
        }
        if ($http_user_agent ~ "Prerender") {
            set $prerender 0;
        }

        if ($prerender = 1) {
            rewrite .* /$scheme://$host$request_uri? break;
            #proxy_pass http://localhost:3000;
            proxy_pass http://service.prerender.io;
        }
        if ($prerender = 0) {
            proxy_pass http://127.0.0.1:3000;
        }
    }

}
当我访问
domain1.co.uk
时,它就像预期的那样工作,并重定向到非www https URL。如果我访问
domain2.co.uk
,它会提供正确的SSL证书,但会在domain2 URL上显示domain1站点

我还有一个默认的服务器块:

server {
    listen 80 default_server;
    return 444;
}

server {
    listen 443 default_server;
    ssl on;
    ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
    ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
    return 444;
}
我如何配置它,使domain2.co.uk实际上是从
/var/www/domain2.co.uk/public_html
而不是domain1提供文件服务?

啊!很抱歉我想,你没有
domain2.co.uk
。希望您有“
/var/www/domain2.co.uk/public_html
”作为“
domain2.co.uk
”服务器的根目录。您是否让nginx读取/etc/nginx/sites available/domain2.co.uk文件(如果未包括该文件)。基本上,您需要检查/etc/nginx/nginx.conf中的“include”指令,并且创建一个sym链接文件“/etc/nginx/sites enabled/domain2.co.uk”,并将其指向“/etc/nginx/sites available/domain1.co.uk”以启用它。

这正是我所拥有的。主要代码块是我在两个域的两个文件中的代码,即
/etc/nginx/sites available/domain1.co.uk
/etc/nginx/sites available/domain2.co.uk
我有符号链接,nginx.conf有
include/etc/nginx/conf.d/*.conf
包括/etc/nginx/sites enabled/*这对我来说似乎是正确的。我有点被难住了:/噢!现在很难了。好的,更改后您重新加载了nginx服务吗?还有,你们有并没有可能一开始就把domain2.co.uk指向domain1的根目录,然后你们的浏览器缓存了它?结果证明我是个白痴。我使用Nginx作为NodeJS应用程序的反向代理,这两个文件都是
proxy\u passhttp://127.0.0.1:3000;指向同一个应用程序。啊哈!很高兴你找到了:)