
Allow only https for multiple domains in Nginx

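I want to point example.com to localhost:3000 and api.example.com to localhost:3010. Following a tutorial, I managed to get it working, but it is not very secure. Do you know how to restrict it to https only? If I visit http://example.com, the URL in Chrome shows "Not secure".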

This is my default site Nginx config (/etc/nginx/sites-enabled/default):

server {
        # HTTP — redirect all traffic to HTTPS
        listen 80;
        listen [::]:80 default_server ipv6only=on;
        return 301 https://$host$request_uri;

        # Enable HTTP/2
        listen 443 ssl http2;
        listen [::]:443 ssl http2;
}

Made a config file in /etc/nginx/conf.d/example.com.conf

server {
        server_name example.com;
    # Use SSL certificates from Letsencrypt
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Include SSL config from cipherli.st
    include snippets/ssl-params.conf;

    location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
            proxy_set_header X-NginX-Proxy true;
            proxy_pass http://localhost:3000/;
            proxy_ssl_session_reuse off;
            proxy_set_header Host $http_host;
            proxy_cache_bypass $http_upgrade;
            proxy_redirect off;
    }

}

Made another config file in /etc/nginx/conf.d/api.example.com.conf

 server {
            server_name example.com;

            ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
            ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

            include snippets/ssl-params.conf;

            location / {
                    proxy_set_header X-Real-IP $remote_addr;
                    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
                    proxy_set_header X-NginX-Proxy true;
                    proxy_pass http://localhost:3010/;
                    proxy_ssl_session_reuse off;
                    proxy_set_header Host $http_host;
                    proxy_cache_bypass $http_upgrade;
                    proxy_redirect off;
            }
    }

The first thing I notice is that the server_name directive is the same in both files, even though you imply that you want the server_name in api.example.com.conf to be api.example.com.

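Also, I think you have to specify the port in the same server block as the server_name directive. Maybe try something like the following. Since your default conf file does not specify a server_name, I don't think it will be referenced at all.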

/etc/nginx/conf.d/example.com.conf

server {
    listen 80 default_server;
    listen [::]:80;
    server_name example.com;
    return 301 https://example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name example.com;

    # Use SSL certificates from Letsencrypt
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    # Include SSL config from cipherli.st
    include snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:3000/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}

/etc/nginx/conf.d/api.example.com.conf

server {
    listen 80;
    listen [::]:80;
    server_name api.example.com;
    return 301 https://api.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    server_name api.example.com;

    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/example.com/privkey.pem;

    include snippets/ssl-params.conf;

    location / {
        proxy_set_header X-Real-IP $remote_addr;
        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
        proxy_set_header X-NginX-Proxy true;
        proxy_pass http://localhost:3010/;
        proxy_ssl_session_reuse off;
        proxy_set_header Host $http_host;
        proxy_cache_bypass $http_upgrade;
        proxy_redirect off;
    }
}
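A small linter for the problems discussed in this thread, added here as an example (it is not code from the question or the answer). It flags server blocks that set a certificate but never listen with ssl, blocks that serve plain HTTP without redirecting to https, and repeated server_name values. The function names, finding codes and the reduced sample config are assumptions made for the illustration, and conflicts are keyed by port only.

```python
import re
from collections import defaultdict

# Constructed input: the question's two conf.d files, cut down to the relevant directives.
QUESTION_CONF = """
server {
    server_name example.com;
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    location / { proxy_pass http://localhost:3000/; }
}
server {
    server_name example.com;   # the api file repeats the name
    ssl_certificate /etc/letsencrypt/live/example.com/fullchain.pem;
    location / { proxy_pass http://localhost:3010/; }
}
"""

def server_blocks(conf):
    """Yield each server block's top-level directives as {name: [args, ...]}."""
    conf = re.sub(r"#.*", "", conf)              # simplification: no '#' inside quoted values
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):           # walk to the matching closing brace
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        body = conf[m.end():i - 1]
        while re.search(r"\{[^{}]*\}", body):    # drop nested blocks such as location
            body = re.sub(r"[^;{}]*\{[^{}]*\}", "", body)
        directives = defaultdict(list)
        for words in filter(None, map(str.split, body.split(";"))):
            directives[words[0]].append(words[1:])
        yield directives

def lint(conf):
    """Return (block_number, finding) pairs; an empty list means HTTPS-only looks enforced."""
    findings, seen = [], set()
    for n, d in enumerate(server_blocks(conf), 1):
        listens = d["listen"] or [["80"]]        # without listen, nginx (as root) uses *:80
        plain = [a for a in listens if "ssl" not in a]
        redirects = any(len(r) > 1 and r[1].startswith("https://") for r in d["return"])
        if d["ssl_certificate"] and len(plain) == len(listens):
            findings.append((n, "certificate-without-ssl-listener"))
        if plain and not redirects:
            findings.append((n, "plain-http-without-redirect"))
        # Simplification: conflicts are keyed by port only, not by full address:port.
        keys = {(name, a[0].rsplit(":", 1)[-1]) for a in listens for name in sum(d["server_name"], [])}
        findings += [(n, f"duplicate-server-name {name}:{port}") for name, port in sorted(keys & seen)]
        seen |= keys
    return findings
```

Running `lint()` on the layout proposed in the answer (a port 80 redirect block plus a 443 ssl block per hostname) returns an empty list, while the question's files produce findings for both blocks.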
