找回密码
 加入怎通
查看: 239|回复: 1

nginx的多域http、https同时访问配置及http重定向https(nginx多个域名指向不同地址访问)

[复制链接]
我来看看 发表于 2023-03-20 02:41:18 | 显示全部楼层 |阅读模式
1 w8 g, D2 }# C& y

nginx的多域http、https同时访问配置及http重定向https1、关于ssl 服务证书的申请或生成就略过,nginx安装略过了解nginx配置的几个细节:(1)nginx的配置都是由 directives组成,directives由简单指令或者区块指令组成

8 K8 A3 W" ~5 B$ q; z% ]

简单指令:listen 80;区块指令由{}包含,区块指令又可以包含多个简单指令和区块指令:http {server {}}(2)关于端口映射访问同一nginx服务器,指向不同域,所以必须分配不同端口,如果用http://ip:port形式 ,会很不方便,所以需要用到端口映射,如下(www.aaa.com:8880、www.bbb.com:8881均指向80端口):。

- \" G* r/ q# P# }0 X8 y+ o3 u

server{listen 80;server_name www.aaa.com;location / {#....proxy_pass http://localhost:8880;}}server{listen 80;

server_name www.bbb.com;location / {#....proxy_pass http://localhost:8881;}}(3)每次更改conf相关配置文件后需要重启nginx

(4)特定跳转页面设置:不带www也能正常跳转,增加一个server如下:server{listen 80;server_name aaa.com;location / {#....proxy_pass http://localhost:8880;

}...}或者进行301跳转server{listen 80;server_name aaa.com;rewrite ^/(.*) http://www.aaa.com/$1 permanent;}添加404网页,直接在里面添加,如:

server{listen 80;server_name www.bbb.com; #绑定域名error_page 404 /404.html;}最后还有一个方法需要注意,需要禁止IP直接访问80端口或者禁止非本站的域名绑定我们的IP,如下处理,放到最前一个server上面即可:

server{listen 80 default;servername ;return 403;}(5)每个域名可以写一个.conf文件,然后用include .conf导入配置,如下aaa.conf中的内容是:

server{listen 80;server_name www.aaa.com;location / {#....proxy_pass http://localhost:8880;}... }aaa.conf都放在/data/nginx/conf/vhost目录下,然后在nginx.conf中使用引入命令:

include /data/nginx/conf/vhost/*.conf;需要注意的是这句命令应该放在http{}的花括号内,因为include的命令引入相当于被引入的所有代码写在nginx.conf中一样。

2、nginx关于多域名访问服务器(1)配置nginx中conf文件夹下的nginx.conf加入代码(环境是windows 2008 server+upupw_np7.0)include vhosts.conf;

(2)conf文件夹下新建vhost.conf, 加入以下内容:server {listen 80;server_name aaa.com www.aaa.com;location / {root C:/UPUPW_NP7.0/htdocs;

index index.html index.htm default.html default.htm index.php default.php app.php u.php;include C:/UPUPW_NP7.0/htdocs/up-

.conf;}autoindex off;include advanced_settings.conf;#include expires.conf;location ~ .\/(attachment|attachments|uploadfiles|avatar)\/.

.(php|php5|phps|asp|aspx|jsp)$ {deny all;}location ~ ^.+.php {root C:/UPUPW_NP7.0/htdocs;fastcgi_pass bakend;

fastcgi_index index.php;fastcgi_split_path_info ^((?U).+.php)(/?.+)$;fastcgi_param PATH_INFO $fastcgi_path_info;

fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;include fastcgi.conf;}}#反向代理到本机其他域名增加以下内容

server {listen 80; server_name bbb.com www.bbb.com;5 {7 W p( S; s, r- P3 \/ V( x location / { |- K6 L$ x$ k4 y! J0 Z proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站6 Q9 N4 V: N2 g* \) E! P include uproxy.conf; 1 d% M. ^# |/ _8 `/ L/ R0 @4 D. c8 [ }: E8 c( U( I, B# n4 C: G }+ Z# y! i+ {. b/ Z r8 Y) {0 W) D

配置后可以同时访问aaa.com, bbb.com3、如果要http、https同时访问配置如下:server {listen 80;listen 443 ssl; server_name aaa.com www.aaa.com; * r( v8 ~& `9 Z. L#ssl on; #如果不取消本行会产生错误2 k. G; l! N3 z* z! B" w ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;" }2 R: s7 W# D1 Z6 c ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key; % z% h( Z! M1 I4 j5 R/ F#这里我使用的是阿里云的免费证书) W- o3 L) T0 B0 o; G ssl_session_timeout 5m; 3 u/ i" p1 N5 A, Bssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2; : L, O# n$ E H4 q$ w* r5 U9 _ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP; 8 E8 v; i) e# b8 f/ n* Assl_prefer_server_ciphers on;& M5 u* q# W* K4 f k location / {( O/ j1 k5 F3 i5 @! _7 X; P root C:/UPUPW_NP7.0/htdocs; 9 I2 ?4 |" Q5 V index index.html index.htm default.html default.htm index.php default.php app.php u.php; 9 w8 y/ }8 h( ^, d+ o+ E+ j include C:/UPUPW_NP7.0/htdocs/up-*.conf; 9 p5 k6 |) H, C0 f Z% \ } p9 {+ }; i1 O8 o autoindex off; y. C$ |) x+ m include advanced_settings.conf; 6 n3 `4 {4 R @8 H: L #include expires.conf;1 n8 }2 N1 K$ I3 e5 S* h4 s/ b; C location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ { % H0 ?- k# w" l" }1 g$ d deny all; + O* \/ C+ B! q } 6 m/ p) s6 n5 N2 Y location ~ ^.+\.php { ( q' V- |0 y; j# }1 q: p3 f8 D root C:/UPUPW_NP7.0/htdocs;/ A& b, y( u4 X# Z9 |" J fastcgi_pass bakend; - z2 `# K8 ~5 w7 F: j5 m) n9 P fastcgi_index index.php;7 Q, @4 c" r' h" G- p ]1 v fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; & @7 r4 p' i Z, Y! Z) B' a fastcgi_param PATH_INFO $fastcgi_path_info; 4 C8 A0 {" Z3 R; M. d" i fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info; R/ [6 q% c- |+ q. [ include fastcgi.conf; 5 X. C/ G7 W! h# v- _& x4 _ L" T }0 o9 ]% }# H8 l } + ~7 n. Y) y3 F

#反向代理到本机其他域名增加以下内容server {listen 80; server_name bbb.com www.bbb.com;#ssl on;ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;

ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;

ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;ssl_prefer_server_ciphers on; location / { 8 t- i8 S( s' r+ T) \ ? proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站 : S+ E& C* X3 a& m! @" _7 [ p2 J include uproxy.conf;# p& r+ O' w( H }' P- `4 }& b& p- F; D } 5 \8 m: c& J( b0 {7 e; U

**在设置443端口的时候遇到以下问题:nginx端口占用,启动报错:bind() to 0.0.0.0:443 failed (10013: An attempt was made to access a socket in a way f

解决方法:1)cmd输入netstat -aon | findstr “443” 查找端口占用情况,找到提示占用的端口号0.0.0.0:443,查看后,pid值为4, 在系统进程服务中查到pid=4的进程为一个系统后台服务

2)一般该服务为:Routing and Remote Access服务,只需在组件服务中把对应的停掉,重启nginx即可4、如果要让Http 重定向至 Https,对vhosts.conf配置如下:server{

listen 80;server_name aaaa.comm www.aaa.com;add_header Strict-Transport-Security max-age=15768000;return 301 https://$server_name$request_uri;1 b4 |4 H" |( c- o/ l

}server {#listen 80;listen 443 ssl; server_name aaa.com www.aaa.com; & E) E2 s6 p" n9 C& Xssl on; #如果不取消本行会产生错误$ {7 o3 }- n0 b ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214534906590602.pem;: R9 a; x0 A3 U5 y# ~, l ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214534906590602.key; " @" B) E S9 I X9 P. t- ? #这里我使用的是阿里云的免费证书 , s+ n. [- j B. t8 U5 Tssl_session_timeout 5m;$ q2 u. K- T" n- f ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;2 k3 o) Z# w. |% S9 _7 z1 c ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;8 { ` u: P. J ssl_prefer_server_ciphers on; * D$ [( u6 \, U location / { 1 @0 `0 z" Z/ e. ` root C:/UPUPW_NP7.0/htdocs; 1 Q% M( u6 V" s( N6 Q index index.html index.htm default.html default.htm index.php default.php app.php u.php;/ E7 E t7 }/ W include C:/UPUPW_NP7.0/htdocs/up-*.conf; ! `$ L- o. w' q' ]! @* A }6 ^ ^( B' X! H8 K. G autoindex off;: I" |3 Z8 B$ ~7 I1 e include advanced_settings.conf; % E; ]& ~& K# \: u #include expires.conf;5 [8 ^/ K5 c1 l4 H location ~* .*\/(attachment|attachments|uploadfiles|avatar)\/.*\.(php|php5|phps|asp|aspx|jsp)$ {; C7 l4 H# k/ m1 S; e% n deny all; , R, v `5 p, l) l6 \( ~5 r }( q# }0 `4 m2 B1 ^8 I0 m2 U location ~ ^.+\.php {% E% G, c9 B V0 c7 a u& Y! L- \" i root C:/UPUPW_NP7.0/htdocs; # Q1 I& K* G! w1 V# r' P6 l ^ fastcgi_pass bakend; ! o9 H9 m$ D( L: T( D fastcgi_index index.php; . |' ]7 i o4 t4 Y9 o fastcgi_split_path_info ^((?U).+\.php)(/?.+)$; 8 o2 C! r! l4 }0 M0 S fastcgi_param PATH_INFO $fastcgi_path_info;: ~7 q. H$ [! y: L1 p/ @, ]9 O fastcgi_param PATH_TRANSLATED $document_root$fastcgi_path_info;/ V- P- r; N/ k) Z$ Y include fastcgi.conf;" h8 X/ h0 v9 G& r* o }, B5 _. n) ^% X. U } 1 y7 g6 |3 [7 L4 s I$ @0 V! l" x

#反向代理到本机其他域名增加以下内容server{listen 80;server_name bbb.com www.bbb.com;add_header Strict-Transport-Security max-age=15768000;

return 301 https://$server_name$request_uri;}server {#listen 80; server_name bbb.com www.bbb.com;#ssl on;

ssl_certificate C:/UPUPW_NP7.0/Nginx/cert/214543350020602.pem;ssl_certificate_key C:/UPUPW_NP7.0/Nginx/cert/214543350020602.key;

ssl_session_timeout 5m;ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;ssl_ciphers ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP;

ssl_prefer_server_ciphers on; location / {! M9 Z+ Y) v0 g) n: X6 k) c- | proxy_pass http://127.0.0.1:8888/; #指定本机服务器其他端口,通过http://ip:port能访问到你的网站 2 L4 e, ]' v+ d& i include uproxy.conf; 8 b5 b b3 Z- n$ i6 m, S }4 \" Q% q3 T( | M# A5 Z } $ ?3 g1 \3 j4 c! p# K9 m3 s

作者daydaydream的原创作品,如需转载,请注明出处,否则将追究法律责任转载地址:https://blog.51cto.com/13238147/2087756

回复

使用道具 举报

昨时 发表于 2026-01-10 21:11:23 | 显示全部楼层
说得很实在,没有夸大其词,这种真实分享太难得了
回复

使用道具 举报

    您需要登录后才可以回帖 登录 | 加入怎通

    本版积分规则

    QQ|手机版|小黑屋|网站地图|真牛社区 ( 苏ICP备2023040716号-2 )

    GMT+8, 2026-7-7 14:07 , Processed in 0.035038 second(s), 25 queries , Gzip On.

    免责声明:本站信息来自互联网,本站不对其内容真实性负责,如有侵权等情况请联系420897364#qq.com(把#换成@)删除。

    Powered by Discuz! X3.5

    快速回复 返回顶部 返回列表