[英]How setup subdomain in nginx?
我从一开始就尝试了几次,但仍然无法使用我的子域。 我有 ubuntu Nginx。 我想创建一个客户端和后端(子域)域。
客户端配置(正常工作):
server {
root /var/www/html/dist;
# Add index.php to the list if you are using PHP
index index.html;
server_name hookahscope.com www.hookahscope.com;
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
try_files $uri /index.html;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 default_server;
listen [::]:80 default_server;
server_name hookahscope.com www.hookahscope.com;
return 404; # managed by Certbot
}
更新:我的客户端(主域)配置有额外的配置,这是冲突
server {
if ($host = www.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.api.hookahscope.com api.hookahscope.com; # managed by Certb>
return 404; # managed by Certbot
listen [::]:443 ssl; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # >
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
server {
if ($host = www.api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = api.hookahscope.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
listen 80 ;
listen [::]:80 ;
server_name www.api.hookahscope.com api.hookahscope.com;
return 404; # managed by Certbot
}
和后端配置:
server {
listen 80;
root /var/www/backend;
# Add index.php to the list if you are using PHP
index index.html;
server_name api.hookahscope.com;
location ~ ^/(sitemap.xml) {
root /var/www/html/public;
}
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
try_files $uri /index.html;
}
}
我在 pm2 上运行后端(服务器是带有 express 的 nodejs)所以,在本地我可以通过命令在 8081 端口上看到后端:
curl http://localhost:8081/
Nginx 显示一些错误,但对我没有帮助:
sudo nginx -t
nginx: [warn] conflicting server name "api.hookahscope.com" on 0.0.0.0:80, ignored
当然,如果去掉listen 80,错误就会消失; 从子域配置中,但我找不到我应该设置的内容而不是
UPDATED2我的子域配置:
server {
server_name api.hookahscope.com;
#location ~ ^/(sitemap.xml) {
# root /var/www/html/public;
#}
location / {
proxy_pass http://localhost:8081/;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
listen [::]:443 ssl ipv6only=on; # managed by Certbot
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # mana>
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; # ma>
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; # >
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
}
而不是检查的Host
通过HTTP标头if ($host = hookahscope.com) { ... }
我建议筛选定义两个请求server
块作为建议由官方nginx的文件(阅读这个答案详细说明)。 有两个单独的 SSL server
块,您不应该在listen
指令ipv6only=on
使用ipv6only=on
标志(阅读此线程了解详细信息)。 这是我推荐使用的配置:
server {
# redirect HTTP to HTTPS for requests where the HTTP 'Host' header equal to one of our domains
listen 80;
listen [::]:80;
server_name hookahscope.com www.hookahscope.com api.hookahscope.com;
return 301 https://$http_host$request_uri;
}
server {
# close the connection immediately for the rest of requests
listen 80 default_server;
listen [::]:80 default_server;
return 444;
}
server {
# frontend
listen 443 ssl;
listen [::]:443 ssl;
server_name hookahscope.com www.hookahscope.com;
root /var/www/html/dist;
# SSL configuration made by certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
location = /sitemap.xml {
root /var/www/html/public;
}
location / {
try_files $uri /index.html;
}
}
server {
# backend
listen 443 ssl;
listen [::]:443 ssl;
server_name api.hookahscope.com;
# SSL configuration made by certbot
ssl_certificate /etc/letsencrypt/live/hookahscope.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/hookahscope.com/privkey.pem; managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
ssl_trusted_certificate /etc/letsencrypt/live/hookahscope.com/chain.pem; managed by Certbot
ssl_stapling on; # managed by Certbot
ssl_stapling_verify on; # managed by Certbot
location / {
proxy_pass http://localhost:8081;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection 'upgrade';
proxy_set_header Host $host;
proxy_cache_bypass $http_upgrade;
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.