[英]NGINX: Setup SSL Certificate for multiple ports using 1 domain name
我已经建立了一个使用Rest API来获取其所有数据的网站。 我的网站已通过SSL证书保护。 我的默认文件( etc/nginx/sites-enabled/default
)如下所示:
server {
listen 80;
server_name example.com;
rewrite ^/(.*) https://example.com/$1 permanent;
}
server {
listen 443 ssl;
listen [::]:80 default_server;
root /var/www/example;
index index.html;
server_name example.com;
ssl_certificate /root/example.com.crt;
ssl_certificate_key /root/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
try_files $uri $uri/ =404;
}
}
问题是我的Rest API(我从中获取所有数据)必须具有SSL证书,才能将所有数据安全地传输到我的网站。
我在默认文件( etc/nginx/sites-enabled/default
)中为其余api创建了另一个服务器块。 看起来像这样:
server {
listen 8877;
server_name example.com;
rewrite ^/(.*) https://example.com:8877/$1 permanent;
}
server {
listen 443 ssl;
listen [::]:8877 default_server;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
server_name example.com;
ssl_certificate /root/example.com.crt;
ssl_certificate_key /root/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass http://example.com:1111;
}
}
我知道我应该这样合并它们:
server {
listen 80ssl;
listen 8877 ssl;
index index.html index.htm index.nginx-debian.html;
server_name example.com;
ssl_certificate /root/example.com.crt;
ssl_certificate_key /root/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
// DO SOMETHING
}
}
问题是我需要位置块在端口80和端口8877上均具有不同的功能。在端口8877上,位置块应指向在backround proxy_pass http://example.com:1111;
运行的NodeJS项目proxy_pass http://example.com:1111;
。 在端口80上,它不应指向我的NodeJS项目。 我该怎么做?
还是有更好的方法来做到这一点? 我已经被这个问题困扰了2天了。 无法购买第二个域或SSL证书+我的证书支持单个域上的多个端口。
这是我会做的/尝试的:
(如果不需要,请考虑关闭TLS 1.0)
# General HTTP to HTTPS
server {
listen 80;
listen [::]:80;
server_name example.com default_server;
location / {
return 302 https://$host$request_uri;
}
}
server {
listen 443 ssl;
server_name example.com default_server;
root /var/www/example;
index index.html;
ssl_certificate /root/example.com.crt;
ssl_certificate_key /root/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
try_files $uri $uri/ =404;
}
}
server {
listen 8877 ssl;
listen [::]:8877 ssl;
server_name example.com;
# Add index.php to the list if you are using PHP
index index.html index.htm index.nginx-debian.html;
ssl_certificate /root/example.com.crt;
ssl_certificate_key /root/example.com.key;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
location / {
proxy_pass http://example.com:1111;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.