|
; B. h2 {# u2 ^& V/ _ nginx的多域http、https同时访问配置及http重定向https1、关于ssl 服务证书的申请或生成就略过,nginx安装略过了解nginx配置的几个细节:(1)nginx的配置都是由 directives组成,directives由简单指令或者区块指令组成 3 \" P' C- ]* g1 c9 M2 L' r6 ~7 e$ ^
简单指令:listen 80;区块指令由{}包含,区块指令又可以包含多个简单指令和区块指令:http {server {}}(2)关于端口映射访问同一nginx服务器,指向不同域,所以必须分配不同端口,如果用http://ip:port形式 ,会很不方便,所以需要用到端口映射,如下(www.aaa.com:8880、www.bbb.com:8881均指向80端口):。 , g) P4 x2 Y+ s/ v4 u
server{listen 80;server_name www.aaa.com;location / {#....proxy_pass http://localhost:8880;}}server{listen 80; server_name www.bbb.com;location / {#....proxy_pass http://localhost:8881;}}(3)每次更改conf相关配置文件后需要重启nginx (4)特定跳转页面设置:不带www也能正常跳转,增加一个server如下:server{listen 80;server_name aaa.com;location / {#....proxy_pass http://localhost:8880; }...}或者进行301跳转server{listen 80;server_name aaa.com;rewrite ^/(.*) http://www.aaa.com/$1 permanent;}添加404网页,直接在里面添加,如: server{listen 80;server_name www.bbb.com; #绑定域名error_page 404 /404.html;}最后还有一个方法需要注意,需要禁止IP直接访问80端口或者禁止非本站的域名绑定我们的IP,如下处理,放到最前一个server上面即可: server{listen 80 default;servername ;return 403;}(5)每个域名可以写一个.conf文件,然后用include .conf导入配置,如下aaa.conf中的内容是: server{listen 80;server_name www.aaa.com;location / {#....proxy_pass http://localhost:8880;}... }aaa.conf都放在/data/nginx/conf/vhost目录下,然后在nginx.conf中使用引入命令: include /data/nginx/conf/vhost/*.conf;需要注意的是这句命令应该放在http{}的花括号内,因为include的命令引入相当于被引入的所有代码写在nginx.conf中一样。 2、nginx关于多域名访问服务器(1)配置nginx中conf文件夹下的nginx.conf加入代码(环境是windows 2008 server+upupw_np7.0)include vhosts.conf; (2)conf文件夹下新建vhost.conf, 加入以下内容:server {listen 80;server_name aaa.com www.aaa.com;location / {root C:/UPUPW_NP7.0/htdocs; index index.html index.htm default.html default.htm index.php default.php app.php u.php;include C:/UPUPW_NP7.0/htdocs/up- .conf;}autoindex off;include advanced_settings.conf;#include expires.conf;location ~ .\/(attachment|attachments|uploadfiles|avatar)\/. .(php|php5|phps|asp|aspx|jsp)$ {deny all;}location ~ ^.+.php {root C:/UPUPW_NP7.0/htdocs;fastcgi_pass bakend; fastcgi_index index.php;fastcgi_split_path_info ^((?U).+.php)(/?.+)$;fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;include fastcgi.conf;}}#反向代理到本机其他域名增加以下内容 server {listen 80; server_name bbb.com www.bbb.com;
* P- K; S1 w4 ]& Q location / {6 d5 M: V* m1 ^* [, H& @( M
proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站
/ L. Q# c! s* [, N8 w5 o6 }+ ` include uproxy.conf;( C, F5 _( j' @6 A b
}
4 f" Y3 n& x+ T$ F- V, y }- x! E7 R, o7 N
配置后可以同时访问aaa.com, bbb.com3、如果要http、https同时访问配置如下:server {listen 80;listen 443 ssl; server_name aaa.com www.aaa.com;
( V0 B% R/ [& d#ssl on; #如果不取消本行会产生错误
2 h& X9 G2 m% c0 assl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;8 o9 E' ^ @/ ?
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key; / r8 Q( o: J6 S" H8 y( D" J
#这里我使用的是阿里云的免费证书& w& M- V# [# D; m7 T, V" M
ssl_session_timeout 5m;
) G* k( W2 N/ n4 t tssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;% m- C8 j# E, X9 k: ?" p
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
7 J! _& ^3 |7 Z) }: ]$ ~. Rssl_prefer_server_ciphers on;
, H$ q8 Z( Y S location / {1 w3 q: a; E7 i3 {9 F0 \) W
root C:/UPUPW_NP7.0/htdocs;
7 q0 r& K0 c$ ~+ [ index index.html index.htm default.html default.htm index.php default.php app.php u.php;
- G. v$ o. A4 y8 z3 ^7 u8 R0 { include C:/UPUPW_NP7.0/htdocs/up-*.conf;4 F( _& R$ @. Z6 N
}
- P$ w1 |6 y( [3 H7 L5 L autoindex off;7 Q/ v! ~0 A2 g4 Z; T, @ h
include advanced_settings.conf;# j0 e2 f: [, A2 P" Y
#include expires.conf;0 _* `& c2 _7 o. x, E
location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {
9 x( Y# Y$ R' c7 ? deny all;
) |0 `+ K* m. O/ S5 c4 L# c, b }
& Y$ @% y2 i8 h, x9 d# X; g location ~ ^.+\.php {7 M: P4 x2 Q) s* S$ m% Z% t
root C:/UPUPW_NP7.0/htdocs;
+ L$ i- p: l6 t! \% Z fastcgi_pass bakend;
* w" X7 r$ d, j, K7 b% @ fastcgi_index index.php;
) R' I }- B( E3 |5 R fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;5 B% u8 z1 X3 A8 J5 P* u9 w
fastcgi_param PATH_INFO $fastcgi_path_info;
3 q3 d# Q: ?& U1 p; W$ c( g0 P fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;
2 l- U% W: ~; ~0 u include fastcgi.conf;
: {( B3 ]* x* G, y8 F }
3 u3 l% W% k! X c }
& X0 V1 o9 f" V4 E5 w0 s #反向代理到本机其他域名增加以下内容server {listen 80; server_name bbb.com www.bbb.com;#ssl on;ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem; ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;ssl_prefer_server_ciphers on; location / {
' A6 {1 k5 F& U, B; M+ _" y proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站) n+ H9 H1 h. A: T
include uproxy.conf;8 Z* m3 \2 R5 O( D0 A5 W! l1 K0 e
}
! q3 N6 i) Z7 h3 I5 B }3 M) A* m0 s" s
**在设置443端口的时候遇到以下问题:nginx端口占用,启动报错:bind() to 0.0.0.0:443 failed (10013: An attempt was made to access a socket in a way f 解决方法:1)cmd输入netstat -aon | findstr “443” 查找端口占用情况,找到提示占用的端口号0.0.0.0:443,查看后,pid值为4, 在系统进程服务中查到pid=4的进程为一个系统后台服务 2)一般该服务为:Routing and Remote Access服务,只需在组件服务中把对应的停掉,重启nginx即可4、如果要让Http 重定向至 Https,对vhosts.conf配置如下:server{ listen 80;server_name aaaa.comm www.aaa.com;add_header Strict-Transport-Security max-age=15768000;return 301 https://$server_name$request_uri;
* P) A A* V, z- |# x }server {#listen 80;listen 443 ssl; server_name aaa.com www.aaa.com;, d, E- d( ?+ G9 u& _
ssl on; #如果不取消本行会产生错误
$ ^$ w* a( {! F! ^# D( Tssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;1 I8 C8 g0 g/ E: z0 Z
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key; 1 c/ H+ C3 C2 l
#这里我使用的是阿里云的免费证书
- `! ~ [1 c: x. Z% P! Nssl_session_timeout 5m;
( G9 G7 t3 P, Y5 k3 k8 xssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
( \5 d0 u2 a) assl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;# ?4 p; ` _, h# a! P; g
ssl_prefer_server_ciphers on;5 e& f2 c4 I9 p, z
location / {9 l1 g( o) g+ b% a
root C:/UPUPW_NP7.0/htdocs;
% d- O; U) Z( K index index.html index.htm default.html default.htm index.php default.php app.php u.php;' f9 m8 B0 d7 r0 I7 [) q
include C:/UPUPW_NP7.0/htdocs/up-*.conf;- k: C' |; w2 G- A5 h; g
}
7 g+ n0 B: _/ m5 I7 y autoindex off;
* J# p# y( u4 Z f0 Q* w! f/ _" N include advanced_settings.conf;
9 }1 K) s4 }1 L* t- X9 b' K #include expires.conf;" y: W% y) `" N
location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {. K; z7 X; ~. A C+ n( z
deny all;
$ A# ^$ |- u2 a4 N }- w. `- d7 N; k' b% ~! z' [6 R
location ~ ^.+\.php {
2 L5 _8 T1 t7 E; s; \9 d( z root C:/UPUPW_NP7.0/htdocs;
! e+ Y5 a* k+ K ?; ~2 S# o fastcgi_pass bakend;
7 [( R3 O/ b$ P" q/ @, X1 E! I2 T fastcgi_index index.php;
/ \! W3 D+ F {7 Z+ h$ z fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;3 N% z, _- F% Q0 t
fastcgi_param PATH_INFO $fastcgi_path_info;
7 c% L% `. x9 s" w- {& X3 Q0 \% {: R; q fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;1 B- K4 q; I) e* z0 o
include fastcgi.conf;
2 C/ j! G- o* m, _1 D9 X, l. r }
3 D5 z m# p" q6 S3 l; v }) O- h+ Q1 T1 `/ A0 G- B
#反向代理到本机其他域名增加以下内容server{listen 80;server_name bbb.com www.bbb.com;add_header Strict-Transport-Security max-age=15768000; return 301 https://$server_name$request_uri;}server {#listen 80; server_name bbb.com www.bbb.com;#ssl on; ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key; ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; location / {& d/ k6 D' ]) C" a: p
proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站
' K# s8 d1 A: O/ o9 S R include uproxy.conf;
+ i$ U1 v" d6 T1 ^ }
# [3 @* b+ p$ l7 C }& g/ C/ t6 }" s6 E
作者daydaydream的原创作品,如需转载,请注明出处,否则将追究法律责任转载地址:https://blog.51cto.com/13238147/2087756 | 
