|
1 w8 g, D2 }# C& y
nginx的多域http、https同时访问配置及http重定向https1、关于ssl 服务证书的申请或生成就略过,nginx安装略过了解nginx配置的几个细节:(1)nginx的配置都是由 directives组成,directives由简单指令或者区块指令组成
8 K8 A3 W" ~5 B$ q; z% ] 简单指令:listen 80;区块指令由{}包含,区块指令又可以包含多个简单指令和区块指令:http {server {}}(2)关于端口映射访问同一nginx服务器,指向不同域,所以必须分配不同端口,如果用http://ip:port形式 ,会很不方便,所以需要用到端口映射,如下(www.aaa.com:8880、www.bbb.com:8881均指向80端口):。
- \" G* r/ q# P# }0 X8 y+ o3 u server{listen 80;server_name www.aaa.com;location / {#....proxy_pass http://localhost:8880;}}server{listen 80; server_name www.bbb.com;location / {#....proxy_pass http://localhost:8881;}}(3)每次更改conf相关配置文件后需要重启nginx (4)特定跳转页面设置:不带www也能正常跳转,增加一个server如下:server{listen 80;server_name aaa.com;location / {#....proxy_pass http://localhost:8880; }...}或者进行301跳转server{listen 80;server_name aaa.com;rewrite ^/(.*) http://www.aaa.com/$1 permanent;}添加404网页,直接在里面添加,如: server{listen 80;server_name www.bbb.com; #绑定域名error_page 404 /404.html;}最后还有一个方法需要注意,需要禁止IP直接访问80端口或者禁止非本站的域名绑定我们的IP,如下处理,放到最前一个server上面即可: server{listen 80 default;servername ;return 403;}(5)每个域名可以写一个.conf文件,然后用include .conf导入配置,如下aaa.conf中的内容是: server{listen 80;server_name www.aaa.com;location / {#....proxy_pass http://localhost:8880;}... }aaa.conf都放在/data/nginx/conf/vhost目录下,然后在nginx.conf中使用引入命令: include /data/nginx/conf/vhost/*.conf;需要注意的是这句命令应该放在http{}的花括号内,因为include的命令引入相当于被引入的所有代码写在nginx.conf中一样。 2、nginx关于多域名访问服务器(1)配置nginx中conf文件夹下的nginx.conf加入代码(环境是windows 2008 server+upupw_np7.0)include vhosts.conf; (2)conf文件夹下新建vhost.conf, 加入以下内容:server {listen 80;server_name aaa.com www.aaa.com;location / {root C:/UPUPW_NP7.0/htdocs; index index.html index.htm default.html default.htm index.php default.php app.php u.php;include C:/UPUPW_NP7.0/htdocs/up- .conf;}autoindex off;include advanced_settings.conf;#include expires.conf;location ~ .\/(attachment|attachments|uploadfiles|avatar)\/. .(php|php5|phps|asp|aspx|jsp)$ {deny all;}location ~ ^.+.php {root C:/UPUPW_NP7.0/htdocs;fastcgi_pass bakend; fastcgi_index index.php;fastcgi_split_path_info ^((?U).+.php)(/?.+)$;fastcgi_param PATH_INFO $fastcgi_path_info; fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;include fastcgi.conf;}}#反向代理到本机其他域名增加以下内容 server {listen 80; server_name bbb.com www.bbb.com;5 {7 W p( S; s, r- P3 \/ V( x
location / {
|- K6 L$ x$ k4 y! J0 Z proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站6 Q9 N4 V: N2 g* \) E! P
include uproxy.conf;
1 d% M. ^# |/ _8 `/ L/ R0 @4 D. c8 [ }: E8 c( U( I, B# n4 C: G
}+ Z# y! i+ {. b/ Z r8 Y) {0 W) D
配置后可以同时访问aaa.com, bbb.com3、如果要http、https同时访问配置如下:server {listen 80;listen 443 ssl; server_name aaa.com www.aaa.com;
* r( v8 ~& `9 Z. L#ssl on; #如果不取消本行会产生错误2 k. G; l! N3 z* z! B" w
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;" }2 R: s7 W# D1 Z6 c
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key;
% z% h( Z! M1 I4 j5 R/ F#这里我使用的是阿里云的免费证书) W- o3 L) T0 B0 o; G
ssl_session_timeout 5m;
3 u/ i" p1 N5 A, Bssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;
: L, O# n$ E H4 q$ w* r5 U9 _ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;
8 E8 v; i) e# b8 f/ n* Assl_prefer_server_ciphers on;& M5 u* q# W* K4 f k
location / {( O/ j1 k5 F3 i5 @! _7 X; P
root C:/UPUPW_NP7.0/htdocs;
9 I2 ?4 |" Q5 V index index.html index.htm default.html default.htm index.php default.php app.php u.php;
9 w8 y/ }8 h( ^, d+ o+ E+ j include C:/UPUPW_NP7.0/htdocs/up-*.conf;
9 p5 k6 |) H, C0 f Z% \ } p9 {+ }; i1 O8 o
autoindex off; y. C$ |) x+ m
include advanced_settings.conf;
6 n3 `4 {4 R @8 H: L #include expires.conf;1 n8 }2 N1 K$ I3 e5 S* h4 s/ b; C
location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {
% H0 ?- k# w" l" }1 g$ d deny all;
+ O* \/ C+ B! q }
6 m/ p) s6 n5 N2 Y location ~ ^.+\.php {
( q' V- |0 y; j# }1 q: p3 f8 D root C:/UPUPW_NP7.0/htdocs;/ A& b, y( u4 X# Z9 |" J
fastcgi_pass bakend;
- z2 `# K8 ~5 w7 F: j5 m) n9 P fastcgi_index index.php;7 Q, @4 c" r' h" G- p ]1 v
fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
& @7 r4 p' i Z, Y! Z) B' a fastcgi_param PATH_INFO $fastcgi_path_info;
4 C8 A0 {" Z3 R; M. d" i fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; R/ [6 q% c- |+ q. [
include fastcgi.conf;
5 X. C/ G7 W! h# v- _& x4 _ L" T }0 o9 ]% }# H8 l
}
+ ~7 n. Y) y3 F #反向代理到本机其他域名增加以下内容server {listen 80; server_name bbb.com www.bbb.com;#ssl on;ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem; ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;ssl_prefer_server_ciphers on; location / {
8 t- i8 S( s' r+ T) \ ? proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站
: S+ E& C* X3 a& m! @" _7 [ p2 J include uproxy.conf;# p& r+ O' w( H
}' P- `4 }& b& p- F; D
}
5 \8 m: c& J( b0 {7 e; U **在设置443端口的时候遇到以下问题:nginx端口占用,启动报错:bind() to 0.0.0.0:443 failed (10013: An attempt was made to access a socket in a way f 解决方法:1)cmd输入netstat -aon | findstr “443” 查找端口占用情况,找到提示占用的端口号0.0.0.0:443,查看后,pid值为4, 在系统进程服务中查到pid=4的进程为一个系统后台服务 2)一般该服务为:Routing and Remote Access服务,只需在组件服务中把对应的停掉,重启nginx即可4、如果要让Http 重定向至 Https,对vhosts.conf配置如下:server{ listen 80;server_name aaaa.comm www.aaa.com;add_header Strict-Transport-Security max-age=15768000;return 301 https://$server_name$request_uri;1 b4 |4 H" |( c- o/ l
}server {#listen 80;listen 443 ssl; server_name aaa.com www.aaa.com;
& E) E2 s6 p" n9 C& Xssl on; #如果不取消本行会产生错误$ {7 o3 }- n0 b
ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;: R9 a; x0 A3 U5 y# ~, l
ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key; " @" B) E S9 I X9 P. t- ?
#这里我使用的是阿里云的免费证书
, s+ n. [- j B. t8 U5 Tssl_session_timeout 5m;$ q2 u. K- T" n- f
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;2 k3 o) Z# w. |% S9 _7 z1 c
ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;8 { ` u: P. J
ssl_prefer_server_ciphers on;
* D$ [( u6 \, U location / {
1 @0 `0 z" Z/ e. ` root C:/UPUPW_NP7.0/htdocs;
1 Q% M( u6 V" s( N6 Q index index.html index.htm default.html default.htm index.php default.php app.php u.php;/ E7 E t7 }/ W
include C:/UPUPW_NP7.0/htdocs/up-*.conf;
! `$ L- o. w' q' ]! @* A }6 ^ ^( B' X! H8 K. G
autoindex off;: I" |3 Z8 B$ ~7 I1 e
include advanced_settings.conf;
% E; ]& ~& K# \: u #include expires.conf;5 [8 ^/ K5 c1 l4 H
location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {; C7 l4 H# k/ m1 S; e% n
deny all;
, R, v `5 p, l) l6 \( ~5 r }( q# }0 `4 m2 B1 ^8 I0 m2 U
location ~ ^.+\.php {% E% G, c9 B V0 c7 a u& Y! L- \" i
root C:/UPUPW_NP7.0/htdocs;
# Q1 I& K* G! w1 V# r' P6 l ^ fastcgi_pass bakend;
! o9 H9 m$ D( L: T( D fastcgi_index index.php;
. |' ]7 i o4 t4 Y9 o fastcgi_split_path_info ^((?U).+\.php)(/?.+)$;
8 o2 C! r! l4 }0 M0 S fastcgi_param PATH_INFO $fastcgi_path_info;: ~7 q. H$ [! y: L1 p/ @, ]9 O
fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;/ V- P- r; N/ k) Z$ Y
include fastcgi.conf;" h8 X/ h0 v9 G& r* o
}, B5 _. n) ^% X. U
}
1 y7 g6 |3 [7 L4 s I$ @0 V! l" x #反向代理到本机其他域名增加以下内容server{listen 80;server_name bbb.com www.bbb.com;add_header Strict-Transport-Security max-age=15768000; return 301 https://$server_name$request_uri;}server {#listen 80; server_name bbb.com www.bbb.com;#ssl on; ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key; ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; ssl_prefer_server_ciphers on; location / {! M9 Z+ Y) v0 g) n: X6 k) c- |
proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站
2 L4 e, ]' v+ d& i include uproxy.conf;
8 b5 b b3 Z- n$ i6 m, S }4 \" Q% q3 T( | M# A5 Z
}
$ ?3 g1 \3 j4 c! p# K9 m3 s 作者daydaydream的原创作品,如需转载,请注明出处,否则将追究法律责任转载地址:https://blog.51cto.com/13238147/2087756 |