Nginx使用SSL为错误的根提供服务
我有两个nginx vhost,除了域和SSL/根位置之外,它们是相同的。它们看起来像这样: /etc/nginx/sites available/domain1.co.ukNginx使用SSL为错误的根提供服务,ssl,nginx,Ssl,Nginx,我有两个nginx vhost,除了域和SSL/根位置之外,它们是相同的。它们看起来像这样: /etc/nginx/sites available/domain1.co.uk server { listen 80; server_name domain1.co.uk; rewrite ^/(.*) https://domain1.co.uk/$1 permanent; } server { listen 80; listen
server {
listen 80;
server_name domain1.co.uk;
rewrite ^/(.*) https://domain1.co.uk/$1 permanent;
}
server {
listen 80;
listen 443 ssl;
server_name www.domain1.co.uk;
ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
return 301 $scheme://domain1.co.uk$request_uri;
}
server {
listen 443 ssl;
server_name domain1.co.uk;
root /var/www/domain1.co.uk/public_html;
ssl_certificate /etc/nginx/ssl/domain1.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain1.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
try_files $uri @prerender;
}
location /blog/ {
index index.php;
try_files $uri $uri/ /blog/index.php?$args;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/api {
try_files $request_uri $request_uri/ /api/index.php?$query_string;
}
location @prerender {
proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
set $prerender 0;
if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_|prerender=1") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($prerender = 1) {
rewrite .* /$scheme://$host$request_uri? break;
#proxy_pass http://localhost:3000;
proxy_pass http://service.prerender.io;
}
if ($prerender = 0) {
proxy_pass http://127.0.0.1:3000;
}
}
}
/etc/nginx/sites available/domain2.co.uk
server {
listen 80;
server_name domain2.co.uk;
rewrite ^/(.*) https://domain2.co.uk/$1 permanent;
}
server {
listen 80;
listen 443 ssl;
server_name www.domain2.co.uk;
ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
return 301 $scheme://domain2.co.uk$request_uri;
}
server {
listen 443 ssl;
server_name domain2.co.uk;
root /var/www/domain2.co.uk/public_html;
ssl_certificate /etc/nginx/ssl/domain2.chained.crt;
ssl_certificate_key /etc/nginx/ssl/private/domain2.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
try_files $uri @prerender;
}
location /blog/ {
index index.php;
try_files $uri $uri/ /blog/index.php?$args;
}
# pass the PHP scripts to FastCGI server listening on the php-fpm socket
location ~ \.php$ {
try_files $uri =404;
fastcgi_pass unix:/var/run/php5-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi_params;
}
location ~ ^/api {
try_files $request_uri $request_uri/ /api/index.php?$query_string;
}
location @prerender {
proxy_set_header X-Prerender-Token 4398455894u5ugjgfgfj;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
set $prerender 0;
if ($http_user_agent ~* "googlebot|yahoo|bingbot|baiduspider|yandex|yeti|yodaobot|gigabot|ia_archiver|facebookexternalhit|twitterbot|developers\.google\.com") {
set $prerender 1;
}
if ($args ~ "_escaped_fragment_|prerender=1") {
set $prerender 1;
}
if ($http_user_agent ~ "Prerender") {
set $prerender 0;
}
if ($prerender = 1) {
rewrite .* /$scheme://$host$request_uri? break;
#proxy_pass http://localhost:3000;
proxy_pass http://service.prerender.io;
}
if ($prerender = 0) {
proxy_pass http://127.0.0.1:3000;
}
}
}
当我访问domain1.co.uk
时,它就像预期的那样工作,并重定向到非www https URL。如果我访问domain2.co.uk
,它会提供正确的SSL证书,但会在domain2 URL上显示domain1站点
我还有一个默认的服务器块:
server {
listen 80 default_server;
return 444;
}
server {
listen 443 default_server;
ssl on;
ssl_certificate /etc/ssl/certs/ssl-cert-snakeoil.pem;
ssl_certificate_key /etc/ssl/private/ssl-cert-snakeoil.key;
return 444;
}
我如何配置它,使domain2.co.uk实际上是从
/var/www/domain2.co.uk/public_html
而不是domain1提供文件服务?啊!很抱歉我想,你没有domain2.co.uk
。希望您有“/var/www/domain2.co.uk/public_html
”作为“domain2.co.uk
”服务器的根目录。您是否让nginx读取/etc/nginx/sites available/domain2.co.uk文件(如果未包括该文件)。基本上,您需要检查/etc/nginx/nginx.conf中的“include”指令,并且创建一个sym链接文件“/etc/nginx/sites enabled/domain2.co.uk”,并将其指向“/etc/nginx/sites available/domain1.co.uk”以启用它。这正是我所拥有的。主要代码块是我在两个域的两个文件中的代码,即/etc/nginx/sites available/domain1.co.uk
和/etc/nginx/sites available/domain2.co.uk
我有符号链接,nginx.conf有include/etc/nginx/conf.d/*.conf代码>和包括/etc/nginx/sites enabled/*代码>这对我来说似乎是正确的。我有点被难住了:/噢!现在很难了。好的,更改后您重新加载了nginx服务吗?还有,你们有并没有可能一开始就把domain2.co.uk指向domain1的根目录,然后你们的浏览器缓存了它?结果证明我是个白痴。我使用Nginx作为NodeJS应用程序的反向代理,这两个文件都是proxy\u passhttp://127.0.0.1:3000;代码>指向同一个应用程序。啊哈!很高兴你找到了:)