如何解决如何为ubuntu服务器中的多个运行端口配置https nginx配置 主要配置params/ssl对于我的 /etc/nginx/params/proxy_fullparams/proxy_full对于我的 /etc/nginx/params/proxy_full
在 ubuntu 服务器中托管多个端口(5000、5001)面临着一种独特的问题。我正在使用 Nginx 在目录“/etc/nginx/site-availabe”中配置两个子域,并取消链接默认配置。但主要问题是当侦听端口“:80”对两个子域都正常工作时,但是当为 SSL 证书文件配置时,侦听 443 仅指向两个子域的端口 5000,而不是 5001 端口。如果我有任何配置问题,我会分享我的配置文件。
此设置为 5001 端口
server {
listen 80;
server_name lenderapp.xxx.in;
return 301 https://lenderapp.xxx.in$request_uri;
# rewrite ^(.*) https://lenderapp.xxx.in$1 permanent;
}
server {
listen 443;
ssl on;
server_name www.lenderapp.xxx.in;
#root /home/dmin/OProjects/lender_demo;
error_log /var/log/nginx/error_lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
ssl_certificate /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert_key.key;
location /{
proxy_pass http://0.0.0.0:5001;
root /home/admin/OProjects/lender_demo;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
现在是端口 5000 的第二个设置
server {
listen 80;
server_name bcadmin.xxx.in;
return 301 https://bcadmin.xxx.in$request_uri;
#rewrite ^(.*) https://bcadmin.xxx.in$1 permanent;
}
server {
listen 443 ssl http2;
server_name www.bcadmin.tradefi.in;
root /home/admin/OProjects/admin_console;
error_log /var/log/nginx/lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
ssl_certificate /home/admin/OProjects/ssl_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/ssl_cert_key.key;
location /{
proxy_pass 'http://0.0.0.0:5000';
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
}
}
请帮帮我……我非常需要帮助
解决方法
乍一看,您的配置中看不到真正的错误。但是使用 0.0.0.0 作为目标 IP - 这个 IP 是一种“任何 IP”。您应该坚持使用 127.0.0.1 进行本地重定向。此外,ssl on 自 06/2018 起已弃用...
我建议将您的配置拆分成几个文件以保持更好的概览。它将使配置更具可读性,并将真正帮助您处理日常事务(和增强功能)。
对于您的配置,我的方法如下。我将此配置用于 > 35 个域,在我的一台服务器上没有问题。它不会只是工作,还会给您在 SSLtest 上的 A+ 评级。此配置采用您的日志和证书文件名 - 在我看来这不是最佳的 ;)
主要配置
# This block redirect any :80 traffic to its https counterpart.
server {
listen 80 default_server;
listen [::]:80 default_server; # <-- ipv6
server_name _;
return 301 https://$host$request_uri;
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2; # <-- ipv6
server_name www.lenderapp.xxx.in;
error_log /var/log/nginx/error_lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
include params/ssl;
ssl_certificate /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/lender_cert/ssl_cert_key.key;
location / {
proxy_pass http://127.0.0.1:5001;
include params/proxy_full;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2; # <-- ipv6
server_name www.bcadmin.tradefi.in;
error_log /var/log/nginx/lenderapp.log error;
access_log /var/log/nginx/lenderapp_access.log;
include params/ssl;
ssl_certificate /home/admin/OProjects/ssl_cert/ssl_cert.cert;
ssl_certificate_key /home/admin/OProjects/ssl_cert/ssl_cert_key.key;
location / {
proxy_pass http://127.0.0.1:5000;
include params/proxy_full;
}
}
params/ssl(对于我的 /etc/nginx/params/proxy_full)
注意:您需要在 dhparam 内有一个 params 文件才能使其工作。如果不存在,请使用 openssl dhparam -out /etc/nginx/params/dhparam.pem 4096 创建一个。
ssl_session_timeout 10m;
ssl_session_cache shared:SSL:10m;
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers ECDHE-RSA-AES256-GCM-SHA512:DHE-RSA-AES256-GCM-SHA512:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-GCM-SHA384;
ssl_prefer_server_ciphers on;
ssl_dhparam params/dhparam.pem;
ssl_ecdh_curve secp384r1;
ssl_session_tickets off;
ssl_stapling on;
ssl_stapling_verify on;
resolver 8.8.8.8 8.8.4.4;
resolver_timeout 5s;
params/proxy_full(对于我的 /etc/nginx/params/proxy_full)
add_header X-Upstream $upstream_addr;
proxy_http_version 1.1;
proxy_set_header Connection "upgrade";
proxy_set_header Host $http_host;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Host $server_name;
proxy_set_header X-Forwarded-Proto https;
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。